Five actions to cope with virtual attacks

Source: Internet
Author: User

If you have worked in the IT industry for a long time, you have surely received a frantic call when something goes wrong in the data center. Your first thought is to recall which recent changes in the data center could have caused the problem. If the problem has nothing to do with you, did another administrator make a mistake? Did an authorized change-control task cause the fault? What are the possible causes?

After working through the list of possible problems and eliminating the most likely candidates, you may face a nasty conclusion: you are experiencing a virtual attack.

Remember that it is important to stay calm and not panic. This is not the end of the world. Whether you realize it or not, you have probably been preparing for such an event. As a virtualization expert, you are probably already deploying industry best practices to keep your environment secure and manageable. With rigorous assessment, the potential impact of a virtual attack can be minimized. Let's review some of the measures that help secure the virtual environment.

Build layers of protection

You and your team have built multiple layers of protection in the VMware environment, not just one big lock. The layers start at external access and move inward through internal networks, storage, virtual hosts, and guest virtual machines to protect the data. Setting access permissions according to the principle of least privilege is probably the most common choice. Even if an attacker breaks through one or two layers, defense in depth still protects the most critical data. You also need to spend time analyzing the intrusion and taking additional measures to prevent further penetration.

Use a complex password

In Mel Brooks's classic movie Spaceballs, an important password is set to 12345. Dark Helmet then shouts, "This is the stupidest combination I have ever heard! Only idiots would do this."

Password policies and authentication processes are strengthened every day, making it increasingly difficult for intruders to obtain your most valuable data assets. You may sneer at this: you would never allow such a password to be set on a system or access point, would you? Your password policy requires complex passwords at every level, and you can enforce how often passwords are changed by monitoring the policy and reporting the non-conforming passwords it tracks. Strictly protect privileged accounts such as root; if possible, disable or disguise them. In addition, do not allow password sharing, because it causes audit problems and makes it almost impossible to track internal access.

Do not neglect patching

You have subscribed to VMware's security and risk advisories, so you know when to patch your systems to keep them secure. You also recognize the importance of patching at every level, including hosts, virtual machines, applications, and hardware. Patching is time-consuming and tedious; there is no denying that. However, you must accept that patching is a necessary and important part of keeping data secure.

Check Event Logs

The virtual environment is constantly changing. You must not only keep up with the changes but also maintain a general understanding of how the whole environment is running. You can use automated tools or check the event logs manually to understand the overall state and to find clues when something abnormal occurs. Network security devices, such as intrusion prevention systems and intrusion detection systems, protect the network, and you must rely on them to identify potential intrusions. Make sure you can carry out regular behavior audits to discover problems you missed.
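The password and log-review advice above can be combined into one check, shown here as an added example that is not part of the original article: it scans login events for direct use of a privileged account and for one account signing in from different sources within a short window, a sign of password sharing. The CSV layout, account names, addresses and thresholds are constructed assumptions, not a VMware log format.

```python
import csv
import io
from datetime import datetime, timedelta

# Constructed sample export: time, account, source address, result.
SAMPLE_EVENTS = """\
2024-05-01T08:00:05,root,10.0.0.15,success
2024-05-01T08:02:11,svc-backup,10.0.0.20,success
2024-05-01T08:03:40,vmadmin,10.0.0.31,success
2024-05-01T08:09:02,vmadmin,10.0.0.47,success
2024-05-01T08:10:00,jlee,10.0.0.52,failure
2024-05-01T13:30:00,svc-backup,10.0.0.20,success
"""

# Assumptions for this example: which accounts count as privileged, and
# how close two logins from different sources must be to look shared.
PRIVILEGED = {"root"}
SHARE_WINDOW = timedelta(minutes=15)


def audit_logins(text):
    """Return (finding, account, source) tuples in the order they occur."""
    findings = []
    last_success = {}  # account -> (time, source) of the previous success
    for row in csv.reader(io.StringIO(text)):
        if not row:
            continue  # tolerate blank lines in the export
        ts, account, source, result = row
        if result != "success":
            continue  # only successful sessions matter for these two checks
        when = datetime.fromisoformat(ts)
        # Privileged accounts should be disabled or tightly guarded, so any
        # direct login is worth a reviewer's attention.
        if account in PRIVILEGED:
            findings.append(("direct-privileged-login", account, source))
        # Same account, different source, short interval: either the
        # password is shared or the credential is in someone else's hands.
        prev = last_success.get(account)
        if prev and prev[1] != source and when - prev[0] <= SHARE_WINDOW:
            findings.append(("possible-shared-account", account, source))
        last_success[account] = (when, source)
    return findings


if __name__ == "__main__":
    for finding in audit_logins(SAMPLE_EVENTS):
        print(*finding)
```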

Focus on planning

Despite all your preparations, there will still be idle people or suspicious characters who attack or break into your systems. What measures have you taken? You have made the routine preparations. Make a plan in advance, and the pressure will be far lower when problems arise, allowing you to stay focused on the work at hand.

An emergency response guide describes how you and your colleagues should handle the situations above. That matters most when the system storing the guide is itself inaccessible.
