S 2.448 Monitoring the function and configuration of virtual infrastructures

Initiation responsibility: IT Security Officer, Head of IT

Implementation responsibility: Administrator

The configuration files of virtualisation servers contain the information about the virtual infrastructure that is required to operate a virtual machine. This includes the assignment of resources to every virtual IT system and the definition of the networks for the virtual IT systems.

Monitoring the configuration of virtual IT systems

The configuration of the virtual IT systems for server and operating system virtualisation in a virtual infrastructure determines the properties of the virtual IT system. It is defined

a virtual IT system is provided with by the virtualisation server.

Furthermore, properties of the hardware emulation are additionally defined in the configuration for a server virtualisation where the hardware is virtualised completely. For example, these include:

If the configurations of the virtual IT systems are changed, the systems may no longer be able to access resources they critically need. It is also possible for a virtual IT system to be accidentally given access to resources it should not have access to. An example of this is the employees of the development department gaining access to all salary data of the company.

As a result, the configuration files of the virtual IT systems often have particular protection requirements regarding their integrity. It should be defined how these configuration files are to be checked for unauthorised modifications. Depending on the protection requirements of the virtual IT systems running on the virtualisation server,

must be taken into consideration.

Monitoring the function of the virtual infrastructure

Normally, virtual networks that can be used to connect the virtual IT systems to the physical networks are defined on a virtualisation server. Due to an improper configuration or wiring, these network functions of the virtualisation servers may accidentally open communication paths that should not be available. An example of this is the improper connection of an ERP system with high protection requirements to a DMZ designed for customer dial-in. Therefore, it must be checked regularly that the network configuration complies with the plans in terms of the wiring and the logical configuration of the virtualisation servers. This concerns both the network infrastructure and the integration of the virtualisation servers into storage networks.

For some virtualisation products, resources such as network connections are only differentiated by a practically freely selectable identifier. These resources are then assigned to the virtual IT systems using this identifier. This assignment is frequently retained when a virtual IT system is migrated from one virtualisation server to another. If physically or logically different network connections have the same identifier, a virtual IT system may be connected to the wrong network. This can have serious consequences, for example if the internet and the intranet have been confused due to a configuration error.

For this reason, the identifiers of the networks must be unambiguous and meaningful, and it must be checked regularly whether such network assignments are correct. This may be done with the help of a functional test, e.g. by testing whether the virtual system is reachable in the network assigned to it.
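The two checks described in this safeguard, the integrity check of the configuration files and the check that network identifiers are unambiguous across virtualisation servers and that each virtual IT system is attached to the planned network, as an added example in Python (not part of the safeguard text or of any virtualisation product). The inventory, network plan and placement data are constructed for illustration; a real check would read them from the virtualisation servers and the network plan.

```python
import hashlib
from collections import defaultdict

# Constructed inventory (not real data): per virtualisation server, the virtual
# networks it defines, keyed by identifier, and the VLAN each one leads to there.
HOSTS = {
    "vhost01": {"prod-erp": 100, "dmz-dialin": 200, "intranet": 300},
    "vhost02": {"prod-erp": 100, "dmz-dialin": 200, "intranet": 200},  # mis-wired
    "vhost03": {"prod-erp": 100, "intranet": 300},
}
# Constructed network plan (VLAN each virtual IT system belongs in) and current
# placement (virtual IT system -> server, network identifier it is attached to).
PLAN = {"erp-db": 100, "web-portal": 200, "file-srv": 300}
VMS = {"erp-db": ("vhost01", "prod-erp"), "web-portal": ("vhost02", "dmz-dialin"),
       "file-srv": ("vhost02", "intranet")}  # file-srv was migrated from vhost01

def ambiguous_identifiers(hosts):
    """Identifiers that lead to different VLANs on different servers: a VM migrated
    between two such servers keeps its identifier but silently changes network."""
    seen = defaultdict(dict)
    for host, nets in hosts.items():
        for ident, vlan in nets.items():
            seen[ident][host] = vlan
    return {i: m for i, m in seen.items() if len(set(m.values())) > 1}

def placement_violations(vms, hosts, plan):
    """VMs whose identifier on their current server does not reach the planned VLAN.
    Returns {vm: (planned_vlan, actual_vlan)}; actual is None if unknown."""
    bad = {}
    for vm, (host, ident) in vms.items():
        actual = hosts.get(host, {}).get(ident)
        if actual != plan.get(vm):
            bad[vm] = (plan.get(vm), actual)
    return bad

def record_baseline(configs):
    """SHA-256 digest per configuration file ({path: bytes}), taken at a known-good state."""
    return {path: hashlib.sha256(data).hexdigest() for path, data in configs.items()}

def changed_configs(configs, baseline):
    """Paths whose current content no longer matches the baseline, plus files that
    appeared or disappeared; each one needs an authorised change record."""
    current = record_baseline(configs)
    return sorted(p for p in set(current) | set(baseline) if current.get(p) != baseline.get(p))

if __name__ == "__main__":
    print("ambiguous identifiers:", ambiguous_identifiers(HOSTS))
    print("placement violations:", placement_violations(VMS, HOSTS, PLAN))
```

On the constructed data the run reports "intranet" as ambiguous (VLAN 300 on vhost01 and vhost03, VLAN 200 on vhost02) and flags file-srv, which kept its identifier during migration but now sits in the DMZ VLAN instead of the planned intranet VLAN.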

Review questions: