VMware Communities
aluminex
Contributor
Contributor
‎05-16-2012 12:18 PM

Keep your virtual machines secure

I was hoping to get some advice and/or ideas on the best way to accomplish the following:

We have multiple users on a production network and they are using virtual machines for testing and development.  Our main goal is to stay practical while also implement strict security and/or compenstating controls for our virtual machines.  The concern is the lack of patches and virus definition updates on the host-only configurations.   A simple solution would be to create a virtual network and restrict any network communication between the physical and virtual box but that's not an option.

Any ideas on how to best secure or keep the virtual machines up-to-date.  How do you handle this?

Reply
0 Kudos
6 Replies
quiettime
Enthusiast
Enthusiast
‎05-17-2012 11:20 PM

I do it manually. Although I hope someone has a better idea. I was just thinking how tedious this has become for us.

Reply
aluminex
Contributor
Contributor
‎05-18-2012 06:24 AM

Anyone have any suggestions?

Reply
0 Kudos
mfelker
Expert
Expert
‎05-18-2012 08:02 AM

Seem to me that both  patches and upldates for Windows itself and AV progams in a Windows guest  can easily be set to auto.   Windows guests  through Windows Update and the initial instatlion of most AV programs Automatic  updates for Windows , if set via the Conrfol Panel , will actually install lthese before  the guest shuls down  but the user should be told not to turn off the machine before this process completes (Windows iself will inform them of trhis)  Even some Linux distos ( Ubuntu for one) can probably do similar  things butf I can't give specifics because I do this manually myself - I have only a few users. Firefox and Google Chome are now updating themselves in  the background.  I think ihe main thing is to tell users that even if they are running in a virtual machine they are not immune to malware.

Reply
0 Kudos
quiettime
Enthusiast
Enthusiast
‎05-18-2012 07:18 PM

It would be nice if there was a service that would update everything on demand. So rather than having to go into Chrome and click the About box and then updating to have it be automated. Services like Google Updates and Adobe Updates work well but only if the computer is on for a while. In Adobe's case sometimes it needs to be days before a check if it's not manually initiated.

With a VM I haven't used in a while I want to turn it on, hit one button to update everything, save the snapshot, then run whatever I need to and I can revert to that snapshot. Unfortunately it's not that easy. This is not VMWare's fault, or anyone's fault really. It would be nice to have a solution though.

Reply
0 Kudos
mfelker
Expert
Expert
‎05-19-2012 02:32 PM

Actually  the latest version of Chrome (sorry don't  know the exact ver number but it  available  as a stable vresion does just what you want.  At the end of the background update it may ask the user whether they want to relacunch the browser  but you might check on Google Smiley Happy to see if that can be auttomated. 

Reply
0 Kudos
admin
Immortal
Immortal
‎05-22-2012 04:17 AM

Hi aluminex

Welcome to the communites

Please follow below link.

http://www.thenetworkpro.net/blog/?p=494

"Life is never easy for those who dream"
Reply
0 Kudos