Five ways to increase Virtual Machine (VM) security

Five ways to increase Virtual Machine (VM) security
August 24, 2018 Chris Button

eResearch Insight of the Month:

Five ways to increase Virtual Machine
(VM) security.

ersa.edu.au

When working with Virtual Machines (VMs), it’s important to ensure your work is being kept safe and secure from any threats. eRSA users will be familiar with our TANGO Cloud platform, but many of these suggestions can be used on any Cloud platform. Following these steps will help to keep your data away from prying eyes. After all, your data is yours for a reason.

Step 1: Don't share your VM account details

One of the easiest ways to secure your VM is to make sure only you know the password to log in.  Almost sounds silly right? Sharing account details is risky because you will no longer have full control over the use of your VM.

In fact, for those with eRSA VMs, sharing account details with others is against our terms and conditions, meaning we can’t help you if something goes wrong. Other VM service providers will likely have similar account sharing restrictions. If you need to collaborate with colleagues, each person needs to have their own eRSA account and be invited to be a member of your project team.

Step 2: Stay Up to Date

No, not just on the latest news, keep your VM up to date. Just like a standard desktop PC, it’s important to keep your VM updated with the latest operating system (OS) and security updates. This will help protect your work from new vulnerabilities and threats, plus it’s just a good habit to get into.

For Windows users, check for updates via Windows Update in the settings menu.

Linux users, you can update according to your specific OS:

Step 3: Only open firewall ports as necessary

Firewalls regulate traffic coming in and out of your device, blocking untrusted networks while letting trusted traffic filter through. You can manually open and close selected firewall ports to allow more traffic in, but it is best to keep only the essential ports open to maximise security.

The firewall ports you need open will vary depending on the software and applications you’re using, and the user documentation will usually state which ports need to be open for full functionality.

Windows users, once you’ve identified what firewall ports you need to open, follow this guide to configure as per your requirements.

Linux users, here’s something we prepared earlier on how to control your firewall while accessing your TANGO Cloud VM – this guide walks you through a tool known as “firewalld”.

Step 4: Install protection software

Mainly aimed at the Linux brigade, this point is more than just installing your preferred antivirus software – look into using additional software such as Fail2ban. Helping to protect your VM against brute force attacks, Fail2ban will block IP addresses caught attempting to access your VM according to parameters that you define. This can include a set amount of unsuccessful login attempts within a specific amount of time.

You can also whitelist specific IP addresses, meaning you can set your personal or institution IP addresses to not trigger the software – safeguarding you against the days where you forget your password!

Security

Step 5: Implement SSH keys for increased security

SSH (Secure Shell) Keys are an option to add an extra layer of security when accessing your VMs. As stated in this Digital Ocean article, “While a password can eventually be cracked with a brute force attack, SSH keys are nearly impossible to decipher by brute force alone.”

SSH Keys are a paired long string of characters generated via the command line or a specific program, serving as a more secure form of authentication than a regular password. In addition to the SSH Key, you can manually create a password as another safeguard to make it more difficult for unwanted data access.

Windows users, check out the graphical PuTTYgen tool for creating SSH Keys, while Linux users can generate keys via the command line.

Putting these steps into action will help to keep your VM and data secure. After all, it takes two to TANGO, but only you should be on your Virtual Machine!

Step 6: BONUS STEP!

You didn’t expect this madness, an extra, un-advertised step that you don’t have to pay or sign up to a mailing list for. Step 6 is simple, Get in touch. If you have any questions about security or anything Cloud computing, please don’t hesitate to email our friendly Service Desk team or call on 08 7228 6236. We make it an priority to stay on top of any issues that our users have, we would love to hear from you.

TANGO Cloud

eRSA exists to support the advancement of research and innovation by providing market leading IT platforms and whole solutions to university research, government and business sectors in South Australia. By providing access to a suite of advanced technology solutions and services that are reliable, easy to use and secure, we enable all researchers to explore new and innovative research opportunities that would not otherwise be accessible.

Our Partners

University of South Australia logo
Adelaide uni logo
Flinders university logo