A growing danger occuring on IT networks today is rogue virtual machines on desktop systems. Lack of knowledge on how to handle this new security issue could leave you scratching your head.
For example, your company might let users run one of the following desktop virtualization platforms:
Microsoft Virtual PC 2007
When users have this virtualization software installed on their desktops, they have the keys to the castle if no policy or security is in place. Let me explain. Each virtual machine you create has a virtual switch. Your virtual machines can be connected to your physical NIC by bridged networking or Network Address Translation (NAT).
When you have a virtual machine connected to the network with a bridged connection, your MAC address and IP are visible on your LAN. NAT translation allows you to connect a VM to your network via the physical NIC. This type of VM is hard to track, as it looks like it is coming from the physical computer using the same MAC address.
Machines that have this kind of access can do real harm on your network. For example, a marketing person loads a VM for a demo and loads a DHCP server. This could cause problems if the VM is handing out IP addresses. Another example would be a machine that is not patched and introduces a virus onto your network. A whole host of issues could occur.
So how can we lock it down?
Disable virtual network interfaces on desktop computers
Audit systems with third-party software or VM policies
Move to managing virtual machines centrally instead of on each desktop computer
It is important to deal with this new threat before you are overwhelmed with a swarm of virtual machines on your network.