| Note |
|---|
This page has been converted to an itinfo article. To avoid version skew, please contact aurora@mit.edu with any changes |
Overview
We strongly recommend treating each virtual machine as if it was a physical machine for most activities. Virtual machines are vulnerable to most of the same things as physical machines including data loss/corruption, hardware failures, viruses, and hackers. Install and use virus scanning software. Take regular updates to your operating system, preferably via an automatic update system. Make regular backups of important data. Follow the recommended best practices for your guest operating system. In most cases, simply treat your virtual workstation as you would any other machine.
...
While virtual machines are at risk of all the same things as any other machine, you should be aware of a few additional issues.
- If a host is compromised, scripts can be run on the host that can interact with the guest at whatever privilege level the guest is logged in as. This can result in malicious trojans being installed on the host and guest machines.
- A virtual machine that is not virus protected, compromised, and in a shared networking configuration can be used by an attacker to scan both the private and public address spaces. The other virtual machines on the host (if not patched) can also be exploited via the network, so a software firewall on each of the guests is recommended.
- (Enterprise version) When turning on shared folders, they can be accessed through a compromised guest. Files can then be placed on the host and attackers can access other guests' file systems.