25 Points Virtualization Security Checklist

Virtualization is the process of running multiple OS on the same hardware and cloud platform. It is the most used method to reduce cost and effective utilization of resources. Below is the virtualization security checklist that can follow by auditors to ensure the security of virtualization servers.

Top Virtualization Interview Questions and Answers

(1) Check virtualization products are properly patched as recommended by product developers. Also, check for no fake kernel modules that are loaded on the host.

(2) Check Network Time Protocol (NTP) are properly configured and it should be enabled on each host.

(3) Check for consistent security policy enforced on physical and virtual networks.

(4) Check for effective control process to manage VM Lifecycle.

(5) Check whether VMs will be identified based on sensitivity/risk level. It helps in securing virtual servers more effectively.

(6) Check SSH should be disabled as it can be used to manage individual VM without logging.

(7) Check management against risk of intentionally or accidentally powered off of virtual servers.

(8) Check for architecture and design document of virtual appliance.

(9) Check for individual firewall protection enabled for each VM.

(10) Check for Hypervisor management APIs/CLIs are adequately protected.

How to secure Virtual Servers in Data Center

(11) Check role based access enabled for Hypervisor.

(12) Check whether critical data stored on VMs encrypted.

(13) Check policies for the backup and failover systems, including temporary upgrade/patch instances, are cleaned when deleting and wiping the VM images.

(14) Check for cryptographic mechanisms implemented to detect unauthorized changes to VM images and snapshots.

(15) Check non-root user account exists for local account access. Ensure root account should be used minimally.

(16) Check complex password policy should be used by administrator.

(17) Check the usage of automatic discovery tools to identify unauthorized virtual servers.

(18) Check maximum failed login attempts is set to 3 or 5 as mentioned in security policy. Also check for account lockout is not set to more then 15 minutes.

(19) Check for management solutions to examine, patch, and apply security configuration changes to VMs.

(20) Check communication access to virtual servers always through TLS. Check default signed certificate should not be used.

(21) Check Simple Network Management Protocol (SNMP) is properly configured. SNMP can be used to manage hosts. It should be disabled if not used.

(22) Check whether external media such as CD/DVD, USB etc. are restricted.

(23) Check for separate log server with proper access control .

(24) Check logs are maintained and monitored by security team.

(25) Check golden configuration of virtual servers available to deploy new servers.


Virtualization is a boon for creating multiple servers utilizing maximum resources and reducing costs. This article discussed a virtualization security checklist to enable auditors to enforce virtual servers' hardening configuration. Virtualization administrators also use this to check missing configurations to secure virtual servers more efficiently.

Subscribe us to receive more such articles updates in your email.

If you have any questions, feel free to ask in the comments section below. Nothing gives me greater joy than helping my readers!

Disclaimer: This tutorial is for educational purpose only. Individual is solely responsible for any illegal act.

You may also like...

Leave a Reply

Your email address will not be published.