Virtual machine security

Once the virtual machine is launched on the cloud platform, it might be exposed to several stakeholders for access. Usually, customers are provided full access to the virtual machine. Therefore, it is the responsibility of the customer to ensure the security of the virtual machine. 

A public cloud provider such as AWS offers web APIs to manipulate EC2 instances. These APIs, when orchestrated properly using automation techniques, can provide easy scalability and elasticity for meeting the increased workload in high-demand situations. Sufficient network access mitigation steps must be taken to restrict access to the virtual machines by configuring the firewall rules in the security groups. The virtual machine's internal firewall rules should also be configured if required. For example, Linux iptables rules can be leveraged to increase network access security. Similarly, Windows has a native firewall that can be configured appropriately to ensure that only relevant protocols and ports are allowed.

When a virtual machine is customized to meet the organization's standards and policies, it is a good practice to store hardened images of the configured virtual machine. An AMI can be created out of a configured virtual machine instance and stored. This AMI can be used for launching more virtual machines that exhibit the same configuration settings. Similarly, on OpenStack, a Glance image can be created from a running virtual machine, which can be reused.

The following are some of the security measures to be considered for ensuring virtual machine security:

  • Protect customized AMIs or Glance images from unauthorized access
  • Ensure that the private keys used to access the virtual machine are safeguarded
  • Avoid password-based authentication for shell access
  • Require passwords for sudo or role-based access
  • Configure the host firewall and allow only the required ports
  • Run only the essential services and turn off the unused ones
  • Enable event logging and system auditing, and write the logs to a dedicated log server
  • Ensure that the log server is provided with higher security

The preceding measures will ensure that the virtual machine is secure.
