Virtualized IT environments, which have become indispensable to many companies as they consolidate servers, can now be checked against a vendor-neutral security configuration benchmark developed by the Centre for Internet Security, a nonprofit security organization.
CIS recently posted a 30-page document that can be used to configure any virtual machine installation. At press time, the group had imminent plans to add a similar benchmark specific to VMware’s ESX Server software.
CIS officials contend that independent configuration guidelines, developed on a consensus basis with input from parties that aren’t affiliated with the vendors of the technologies being addressed, are critical to securing IT systems.
“If everybody had listened to Microsoft and only Microsoft guidance for all these years for securing systems, we would be in a world of hurt,” said Dave Shackleford, a vice president at the CIS. The same point applies to any other software vendor, he added.
The new benchmark provides information on a broad range of topics, such as sharing files between a host and guest server, and the problems associated with synchronizing time between various virtual systems. 073049
