Should the physical network security policy be different than the virtual network security policy?

Why are they treated differently?

Fred Stuck
Network Security Engineer
Posted on Jan. 7, 2011

My answer to this is kind of weird in a way. No and Yes. No because the same level of security should be applied no matter if the server is physical or virtual. Standard virus protection, patching, backups, etc. However, there are a few more security threats to consider when looking at virtualization and one of them is VM hopping. This is where an attacker will try to gain access to a second VM by taking advantage of access to the first. Beyond the normal security measures I have found the placement of various virtual systems important. For example, if we are considering a three-tier web hosting environment I would limit the virtual systems in one chassis to those of a given layer in this model. For example, web servers on one chassis and mid-tier systems on another. This way this type of attack couldn't be used to bypass firewalls and other application-level security simply by attacking the web servers.

The other concern I have is securing the virtual host itself and the 'console' interface. In the case of VMware it has a vconsole interface that allows users to manage the host system as well as access remote consoles of the virtual systems. This interface should be highly protected and isolated from much of the network. I would classify this interface similarly to IP KVM-type connections since it gives you equivalent access.

This is by no means an all inclusive answer and will vary some depending on your specific requirements. My hope is that it provides you with some direction. If you need me to elaborate more please let me know.
Thanks,
Fred Stuck
http://XeeSM.com/FredStuck
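The two placement rules in Fred's answer (one application tier per chassis, and the host management interface isolated on its own network) are easy to check mechanically against an inventory. The following is an added example and is not code from the original post; the hosts, VM names, tiers and addresses are constructed sample data, and the dedicated management network `10.99.0.0/24` is a hypothetical choice.

```python
"""Policy check for the two placement rules discussed above (constructed example).

Rule 1: a hypervisor host carries VMs of a single application tier only, so that
        VM hopping on one host cannot cross a tier boundary behind the firewall.
Rule 2: every host's management ('console') interface sits inside the dedicated
        management network, nowhere else.
All hosts, VMs, tiers and addresses below are constructed sample data.
"""
import ipaddress
from collections import defaultdict

# Constructed inventory: host -> list of (vm name, tier).
INVENTORY = {
    "esx-01": [("web-1", "web"), ("web-2", "web")],
    "esx-02": [("app-1", "mid"), ("web-3", "web")],   # mixes tiers (should be flagged)
    "esx-03": [("db-1", "data"), ("db-2", "data")],
}

# Constructed management-interface address per host.
MGMT_INTERFACES = {
    "esx-01": "10.99.0.11",
    "esx-02": "10.99.0.12",
    "esx-03": "192.168.1.30",   # sits on a general subnet (should be flagged)
}

# Hypothetical dedicated management network (an assumption of this example).
MGMT_NETWORK = ipaddress.ip_network("10.99.0.0/24")


def mixed_tier_hosts(inventory):
    """Return {host: sorted list of tiers} for every host running more than one tier."""
    tiers_by_host = defaultdict(set)
    for host, vms in inventory.items():
        for _name, tier in vms:
            tiers_by_host[host].add(tier)
    return {h: sorted(t) for h, t in tiers_by_host.items() if len(t) > 1}


def mgmt_outside_network(interfaces, allowed):
    """Return {host: address} for management interfaces that are not inside `allowed`."""
    return {
        host: addr
        for host, addr in interfaces.items()
        if ipaddress.ip_address(addr) not in allowed
    }


def check_policy(inventory, interfaces, allowed):
    """Collect human-readable findings for both rules; an empty list means compliant."""
    findings = []
    for host, tiers in mixed_tier_hosts(inventory).items():
        findings.append(
            f"{host}: runs VMs from several tiers {tiers}; a compromised VM in one "
            "tier would share the host with the next tier instead of crossing the firewall"
        )
    for host, addr in mgmt_outside_network(interfaces, allowed).items():
        findings.append(f"{host}: management interface {addr} is outside {allowed}")
    return findings


if __name__ == "__main__":
    for line in check_policy(INVENTORY, MGMT_INTERFACES, MGMT_NETWORK):
        print("FINDING", line)
```

Run as a script it prints one finding for `esx-02` (tiers mixed) and one for `esx-03` (management interface on a general subnet). In practice the inventory would be pulled from the hypervisor's management API rather than typed in, but the two checks stay the same.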

Richard Stiennon
Chief Research Analyst, IT-Harvest
Posted on Jan. 12, 2011

I like Fred's answer above. All of the security in front of the virtual or physical servers should be the same. But virtual instantiations have the added requirement to protect them from the other VMs on the same physical box. Lots of solutions are being developed from Sourcefire, HP Networking (TippingPoint), and Trend, to provide FW/IPS between each VM.
