Virtualization Security – Part 2 – Hardening the Hypervisor’s Management Console


Part 1 of the series on Virtualization security covered “Hardening Virtual Machines”. In this post, “Hardening the Hypervisor’s Management Console” will be addressed.

Securing the management console matters because all configuration tasks are performed through it, including configuring storage, controlling aspects of virtual machine behavior, and setting up virtual switches or virtual networks. Console actions can affect every VM on a host, so anyone who gains access to the management console could perform many malicious acts that affect a large portion of your IT infrastructure: they gain the ability to modify, shut down, or even destroy virtual machines on that host. Because a host could conceivably contain many important virtual machines, this is a much bigger concern than unauthorized access to just one physical server. Attackers with console access are also free to reconfigure many attributes on the host. For example, they could change the entire virtual switch configuration or change authorization methods. Since the management console is the point of control for the hosts, safeguarding it from misuse is crucial.

Configure the firewall for maximum security. Most companies that produce hypervisors (software that allows multiple operating systems to run on a host computer concurrently) include a firewall between the management console and the network. Set the management console’s firewall to the highest possible security settings for both inbound and outbound port traffic.

Most of the hypervisors on the market today have built their management consoles on Linux and, as a result, most Linux-based software is compatible. You should, however, avoid installing or running additional software in the management console if possible. Be aware that if you install agents onto the management console, firewall ports may need to be opened. Therefore, keep third-party agent installs to a minimum.

Avoid accessing the management console directly whenever possible, and use the GUI-based enterprise management software instead. Two examples would be VMware’s vCenter and Citrix’s Essentials. These communicate using well-defined procedures and APIs, which are much safer than direct execution of arbitrary commands. Managing virtual machines and hosts through the enterprise management software is advantageous since authorization and authentication are performed via your corporate Active Directory service instead of using special local accounts in the service console. In addition, roles and users are stored in a database, providing an easy way to view the current permissions. You can also keep track of every task invoked through it, providing an automatic audit trail.

There may be situations where you need to perform configuration or troubleshoot problems directly on the host(s) using the management console. Avoid using the root account for these tasks, and limit as far as possible the group of individuals who know the root account and password. You may even want to go so far as to block root logins remotely, or even directly at the console. This forces users to authenticate with their own user accounts first and then use the “sudo” or “su” commands to perform advanced tasks. For advanced tasks, set up local user accounts and groups for the few administrators with overall responsibility for your virtual infrastructure. You can create the local accounts on each host server for each user, but this presents the problem of managing user names and passwords in multiple places. I recommend using a directory service, such as LDAP, to define and authenticate users on the service console to avoid creating these local accounts.
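One way to check the remote-root restriction described above, as an added example that is not part of the original post. It assumes the Linux-based console runs OpenSSH with a single `sshd_config` file; the function names are hypothetical, and an unset `PermitRootLogin` is treated as a failure because the built-in default depends on the OpenSSH version.

```shell
#!/bin/sh
# Added example: check an sshd_config for remote root login.
# sshd keeps the FIRST value it reads for a keyword and treats keywords as
# case-insensitive, so grepping for "PermitRootLogin no" alone can mislead.

# Print the global PermitRootLogin value, or "unset" when none is given.
# Assumption: Include directives are not followed (single-file config).
root_login_setting() {
    awk -F'[ \t=]+' '
        /^[ \t]*#/ || /^[ \t]*$/ { next }        # comments, blank lines
        { sub(/^[ \t]+/, "") }                   # strip indentation
        tolower($1) == "match" { exit }          # global section ends
        tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1"
}

# Print every Match block that sets PermitRootLogin to anything but "no".
match_overrides() {
    awk -F'[ \t=]+' '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        { sub(/^[ \t]+/, "") }
        tolower($1) == "match" { ctx = $0; next }
        ctx != "" && tolower($1) == "permitrootlogin" && tolower($2) != "no" {
            print ctx ": " tolower($2)
        }
    ' "$1"
}

# Succeed only if root is refused globally and in every Match block.
audit_root_ssh() {
    [ "$(root_login_setting "$1")" = "no" ] && [ -z "$(match_overrides "$1")" ]
}

# Constructed sample config, not taken from any real host.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Port 22
permitrootlogin = no
PermitRootLogin yes
Match Address 192.0.2.0/24
    PermitRootLogin prohibit-password
EOF
echo "global: $(root_login_setting "$sample")"
match_overrides "$sample"
audit_root_ssh "$sample" && echo "PASS" || echo "FAIL: root can log in over SSH"
rm -f "$sample"
```

The sample fails the audit even though its global setting is `no`, because the Match block re-enables root login for one address range.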

Management console patches should be applied as soon as they are released, in accordance with the vendor’s security advisories and when advised by vendor-authorized technical support personnel.

Any input you may have on this topic would certainly be of interest. In my next post on virtualization security I will address “Host level Security”.


2 Responses to “Virtualization Security – Part 2 – Hardening the Hypervisor’s Management Console”

  1. Wimax Kumari says:

    Superb information, thanks a ton.

  2. […] Continued in Part 2, “Hardening the Hypervisor’s Management Console”. […]
