Hyper-V security is essential because hypervisors host all of your virtual machines and virtual resources. If bad actors get control of the hypervisor, they could potentially take over your virtual machines. Avoid these 10 Hyper-V security mistakes to ensure your virtual environment is free of malware and stays protected from malicious threats.
Mistake #1: Installing Additional Software on the Hyper-V Host
Hyper-V hosts should only handle the Hyper-V role. At times, admins may assign additional tasks to their Hyper-V hosts, but this is an incorrect approach. You shouldn't use Hyper-V hosts for your domain controllers, nor as FTP servers. That's because external services open up potential areas for compromise. For example, an FTP server or a web server might allow someone to transfer a malicious file to a sensitive location.
Mistake #2: Forgetting to Run Updates
Make sure that your hypervisor is updated and that you have an update schedule and patch policy in place. If Microsoft releases a security advisory or a patch, it's vital to implement the fix quickly. By having plans and policies in place, you can implement needed Hyper-V security updates quicker.
Mistake #3: Opening Your Firewall Ports to More Services Than Your Hypervisor Requires
You should only open ports to the services required to run your hypervisors. Common mistakes include running RDP and opening RDP access. Changing your firewall settings may result in increased vulnerability of your network security and can lead to negative consequences. Always contact your network administrator if you are not completely sure of what you are doing and need assistance.
Mistake #4: Not Monitoring Your Firewall
It's important to have a robust firewall in place to monitor the traffic coming to and from the hypervisor. Monitoring is necessary because you want to keep an eye on who is accessing the hypervisor at all times. You also want to determine what type of traffic is flowing through your hypervisor and virtual machines. Monitoring incoming traffic to the business is just as important as keeping an eye on the outgoing traffic that often contains sensitive customer data and other important information.
Mistake #5: Not Using Physical and Virtual Firewalls Together
A virtual firewall protects the hypervisor as well as virtual machines themselves at the hypervisor layer. A physical firewall, on the other hand, focuses on the appliances that run on their own hardware. If there's a breach somewhere on the network, the physical firewall reduces the risk of exposure by controlling the inbound and outbound traffic. Using a combination of virtual and physical firewalls allows you to assign low intensity tasks in a virtualized environment while dedicating tasks that are better executed on hardware appliances to your physical firewall.
For more information about building a disaster recovery and business continuity plan, read Business Continuity Guide for Hyper-V Replication.
Mistake #6: Not Leveraging Role-Based Access Control
The best practice here is to give administrators just enough access to complete their work, and not more. In other words, you're giving any user that could potentially need to access that hypervisor only a limited set of permissions required to do their job. It's essential that the user can't move a virtual machine, shut down the server or remove a file by mistake. Furthermore, you should also have policies in place for who can access hypervisors, as hypervisor access should always be minimized.
Mistake #7: Using Traditional AV Instead of Agentless AV
Traditional AV uses a conventional router for every single virtual machine in your environment and requires you to install an agent on each virtualized system. This leads to a wasteful use of hardware resources because each agent is going to monitor every single file as it's being read. The agentless approach doesn't require an installation of an agent as it operates based on the use of a specialized security virtual appliance which continuously scans for malware and keeps the identification engine running. The main advantage of using agentless AV is in its low resource consumption and an ability to centralize basic antivirus functions in a single appliance.
Mistake #8: Not Ensuring Full Protection of Each New VM
If you're adding a new VM to the network, the first thing you want to do is ensure that it is secure and protected. Dot your I's and cross your T's to guarantee that your new VM complies with all of your security requirements before it goes live. In other words, a VM shouldn't join the network or become accessible without setting your predefined policies in place first. Otherwise, newly added VMs may fall victim to malicious attacks the moment they come online. Furthermore, an infected VM could potentially cross-contaminate other virtual machines inside your network. Platforms like 5nine Cloud Security offer default policies that make VM security tasks much easier to handle.
Mistake #9: Not Monitoring Packet Flow
It's important to look at your average packet size and speed to ensure all anomalies are investigated. For example, let's say that somebody takes hold of one of your virtual machines. The next thing they're likely to do is try and attack one of the virtual machines sitting next to it on the hypervisor, or they might try to attack the hypervisor itself. Packet flow monitoring can identify malicious attacks by looking at Internet consumption changes between different endpoints. Changes in the packet speed and size may be an indicator that one of your virtual machines has been compromised.
Mistake #10: Not Having Alerts Set Up
Setting up security alerts is important so that when a potential threat is detected, you can address it immediately. Alerts can indicate malicious attacks, viruses, unauthorized access, critical changes and more. They proactively notify you when issues are found in your monitoring data. Many Hyper-V security solutions include default alarms along with an ability to add custom alerts to notify you of various events and conditions, with 5nine Cloud Security being the most prominent.
Simplify Hyper-V Security and Remove Complexity
5nine Cloud Security is the #1 security and compliance solution for Hyper-V. This platform includes critical features like agent-less antivirus, virtual firewall, intrusion detection and anomaly analytics. It is straightforward and easy to use. 5nine Cloud Security eliminates Hyper-V security mistakes by automatically and immediately protecting each virtual machine added to the network with the security policies you define. Even better, you and your team don't have to be security specialists to use this software. Our elegant and intuitive design makes it easy for anyone to effectively secure their virtual stack.
I am an author, speaker and technical evangelist focussed on Microsoft Cloud management and security. I’ve held product management and product marketing roles at early stage startups and enterprise software vendors, all with an emphasis on Microsoft technologies. As the Senior Evangelist for 5nine, I get to share the 5nine story with audiences all over the world. I talk, I blog, I record videos, and I spread the word via social media.