4. Security Matters
Filed By: Robert Moir
4. Security Matters
When using Virtual PC images you need to consider a few extra security issues on both the host and guest operating systems.
Simplest and most obvious is the security of the disk image and settings files for the guest operating system. This is another reason besides performance why these should be held on an NTFS disk. Use NTFS permissions to prevent people from deleting or otherwise harming these files.
Also, Virtual PC Console Options has a security tab, where you can lock down who is allowed to administer Virtual PC settings. Use this to restrict administration of the virtual PC environment to host machine administrators only. Users should be able to run guest systems (assuming they have NTFS permissions to the appropriate files) but ideally they should not need to fiddle with VPC settings.
The most important point to consider is that there is nothing special or magical about a Virtual PC that excuses you from securing it. If it has access to your network via the host machine's network connection, then it can do anything that a real machine could do on that network. That means that a guest machine must follow all your normal security practices and guidelines.
Let me say that again in a RED typeface, because it seems people still don't get this... you MUST secure a Virtual Machine to the SAME standards that you would secure a REAL machine. It isn't my place to tell you what your standards should be, but it should be the same for your guest systems as it is for your host system. Anything less is a security risk, period.
On a home network machine that means you should be installing anti virus software where applicable, consider firewalling the guest machine, and remember to apply operating system and application updates.
On a corporate network you should ensure that your virtual machines comply with your network and security policies. Remember as for the home machine, to install Anti virus software, OS updates, etc as needed and also remember to manage rights carefully; don't assume that it is ok to give someone admin rights on a virtual machine connected to your network if you wouldn't normally give them admin rights on a physical machine connected to the network.
