New Works 11/16

Running head: Project proposal 1

Project proposal 5

Project proposal

Institution’s name:

Student’s name:

Date:

Project proposal

This proposal is geared towards answering the question of the top ten recommendations for securing virtual servers since virtualization plays a great deal of significance to the managers and engineers when they are trying to keep pace with the business pressures that need other servers to be added to the existing ones as supported by the quote “ to understand why virtualization have had such a profound effect on today’s computing environment, you need to have a better understanding of what has gone wrong in the past” (Yao, 2020). However in their attempt to introduce and increase flexibility in the organization designs and in the implementation of new solutions, organizations face new concerns that are security related. Therefore they need to secure their virtual server technology and involve the right policies and processes and the right standards.

The first recommendation of securing virtual servers is hardening of the host which is made up of the hardware and the operating system. This is done because the host operating system is subject to all the risks that are expected in a virtual server implementation whereby the best method of reducing attack on the host surface is through removal of the common risks by simply not installing them (Sharma, 2017). In addition, the implementation of the windows server is the best way of achieving this whereby the server core eliminates all the services and other features which are not relevant in the support of the server roles that are commonly used.

The second recommendation is on the hardening of the management and the virtual machine operating system which are key to administration in the management of the entire virtualization environment as supported by the quote, “we don’t treat the virtualization servers any different than the physical servers when it comes to security. We treat them the same. Security is security” (Yao, 2020). Therefore it is important to harden the management operating system in a way that is equivalent to the nature of the sensitive information that is processed in the virtual machines on the management operating system’s host which are necessary when deciding how much security is necessary which is supported by the quote “the model and the size of the server was determined with help from an application vendor who provided a recommendation configuration based on the company’s specific need. That need was not the company” (Halverson, 2016).

The third recommendation is configuring the roles of the administration with least privilege access through separation of duties which is necessary for security and for purposes of compliance. Therefore, no person is supposed to have the ability to do all the tasks related to administration. The fourth recommendation is the separation of administration roles of the host, the virtual machine and the root partition which recommends that it is necessary to separate the physical security administration from the hypervisor administration (Chandramouli, 2016). In addition, despite the fact that an engineer is supposed to maintain the host hardware and the operating system, it does not mean that he is entitled to access the management operating system.

The fifth recommendation is that there is need to secure the files in the virtual machine whereby whether these files have been moved into a granular folder structure or have been left in their default location, they should be secured. The sixth recommendation is enabling of auditing which includes both access to the files and system monitoring in that all files that are associated with virtual machine and root partition are subject to auditing. The seventh recommendation is related to patching of archived virtual machines which stipulate that the physical and the virtual servers need are subject to similar administrative, logical and physical controls. The physical controls include taking part in the aggressive patching process.

The eighth recommendation relate to the isolation of the management and the physical access of virtual machines which involve the isolation of devices in the virtual environment, a practice that follows the principle of segmentation of network. With segmentation of network, it only allows the network traffic that is explicitly permitted to reach a device. The ninth recommendation is the virtual segmentation which separates the virtual machines on the same host whereby a switch that is virtual is created which aid the hyper-v to secure and control the packets of network which get in and out of the virtual machines (Benkhelifa, 2019). The tenth recommendation which is the last involve proliferation management which dictates that despite virtualization being a great tool of productivity if it is not misused. However, in case there are attempts to use it for quick instantaneous servers that are outside the established process of change management. If this happens, all the oversights that are supposed to ensure the mitigation of surface attack are bypassed and with time, virtualization is out of control which becomes a bigger peril than the benefit.

References

Benkhelifa, E., Hani, A. B., Welsh, T., Mthunzi, S., & Guegan, C. G. (2019). Virtual Environments Testing as a Cloud Service: A Methodology for Protecting and Securing Virtual Infrastructures. IEEE Access, 7, 108660-108676.

Chandramouli, R., & Chandramouli, R. (2016). Secure virtual network configuration for virtual machine (vm) protection. NIST Special Publication, 800, 125B.

Halverson, C. (2016). PowerCLI Essentials. Packt Publishing Ltd.

Sharma, M., Husain, S., & Ali, S. (2017). Cloud computing risks and recommendations for security. International Journal of Latest Research in Science and Technology, 6(1), 52-56.

Yao, J., & Zimmer, V. (2020). Virtual Firmware. In Building Secure Firmware (pp. 459-491). Apress, Berkeley, CA.