Better implementation of virtual firewall strategy

Source: Internet
Author: User
Tags: virtual environment, least privilege, firewall

Any enterprise network will have many virtual environments. Interestingly, I have found that most virtual servers and VLAN environments take no precautions against attack. Just because a virtual environment sits inside your "four walls" does not mean everyone should be free to access it. That is where a virtual firewall strategy can help.

To make the virtual firewall strategy more meaningful, here are a few factors to consider:

1. What are the business requirements in each virtual environment? Who needs access to which virtual environment?

2. What risks are you currently facing in your virtual environment? Are there misconfigurations, missing system patches, or open ports that can be exploited?

3. How can I apply or improve the principle of least privilege to ensure that the system is accessible only when business requires it?

4. If there is a problem with a virtualization security control, what obstacles would still prevent the vulnerability from being exploited with a tool such as Metasploit?
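One way to check factors 1 and 3 against each other, shown as an added example that is not from the original article: compare the firewall's allow rules with the stated business requirements and report every flow that is allowed without a need. The segment names, addresses, ports and rules are constructed sample data, and `unreviewed-source` is a hypothetical label for sources outside every known segment.

```python
from ipaddress import ip_network

# Constructed sample data: segment names, CIDRs and ports are hypothetical.
SEGMENTS = {
    "finance-vlan": ip_network("10.10.20.0/24"),
    "hr-vlan": ip_network("10.10.30.0/24"),
    "dev-vlan": ip_network("10.10.40.0/24"),
}
# Factor 1: business requirements as (source segment, destination segment, TCP port).
REQUIRED = {
    ("finance-vlan", "hr-vlan", 443),
    ("dev-vlan", "finance-vlan", 5432),
    ("hr-vlan", "dev-vlan", 8443),
}
# Allow rules as configured on the virtual firewall: (source CIDR, destination CIDR, ports).
RULES = [
    ("10.10.20.0/24", "10.10.30.0/24", [443]),
    ("10.10.40.0/24", "10.10.20.0/24", [5432, 22]),
    ("0.0.0.0/0", "10.10.30.0/24", [3389]),
]

def endpoints(cidr, is_source):
    """Names of the known segments that a rule's CIDR overlaps."""
    net = ip_network(cidr)
    names = [name for name, seg in SEGMENTS.items() if seg.overlaps(net)]
    # A source wider than any single segment also admits hosts nobody reviewed.
    if is_source and not any(net.subnet_of(seg) for seg in SEGMENTS.values()):
        names.append("unreviewed-source")
    return names

def audit(rules, required):
    """Return (excess, unmet): flows allowed without a need, needs no rule covers."""
    allowed = set()
    for src, dst, ports in rules:
        for s in endpoints(src, True):
            for d in endpoints(dst, False):
                if s != d:  # traffic inside one segment is out of scope here
                    allowed.update((s, d, p) for p in ports)
    return sorted(allowed - required), sorted(required - allowed)

if __name__ == "__main__":
    excess, unmet = audit(RULES, REQUIRED)
    for flow in excess:
        print("allowed without a business need:", flow)
    for flow in unmet:
        print("required but not allowed:", flow)
```

Every entry in the first list is a candidate for removal or tightening under least privilege; the second list shows requirements that the current rules would block.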

How to split traffic in a virtualized firewall policy

Once you have worked through these questions, step back. Think about how you can segment traffic better with virtualized firewall policies, so that only the people who need access can reach each system. Segmentation may take the form of traditional network firewalls and personal firewall software running on each operating system. Most departments have successfully combined local management and OS control mechanisms, each with its own characteristics, to build a reasonably secure virtual environment. In practice, however, the security of such an environment is still not comparable to that of a physical host environment. In addition, in all but the simplest virtual environments, the complexity of the system increases exponentially, which makes it harder to achieve the security you seek.

I'm pretty sure that complexity is the enemy of security. Tools built for this environment may therefore be more effective, such as VMware's vShield or virtual firewall products from third-party vendors such as Reflex Systems, Altor Networks (now acquired by Juniper) and TBD Networks. With these you also get better visibility, finer control, and better system performance and scalability in your virtual environment.

Security vulnerabilities in the LAN

One thing to keep in mind is that you should never underestimate the skills and intentions of insiders. Most of the vulnerabilities I've found in virtual environments can be exploited with free tools, or are easy to exploit by following the instructions in a book or on a web page. The same is true for malicious software.
