This page is for content that will eventually be used to create formal documentation. Please include information, questions, links and any other lore that may be of use.
Best Practices
- Don't register a VM for DHCP on wireless.
- When copying or backing up a VM image:
  - Make sure the VM is powered off.
  - Do not copy the lockfile directory (the only subdirectory that ends in ".lck").
  - When restoring from backup, use move, not copy.
- Treat each VM as a standalone computer for security purposes. Install virus scanning software. Take OS updates.
Q. I want to make a backup of my virtual machine. What is the best way to do so? (From VMware docs on best practices for backup)
A. To make a backup copy of a virtual machine, just copy the folder to another location. When you power on the copy, you will be asked if you have moved the virtual machine or copied it. Select that you Moved It. This will keep all of the settings the same. If you select the Copied It option, a new UUID and MAC address will be generated, which could cause Windows Activation to come up and can also cause Linux machines to have problems with the Ethernet devices.
You will not be able to use a backed-up virtual machine at the same time as the original because you will have a MAC Address conflict on your network. If you need to be able to run the backed-up virtual machine at the same time as the original, you should make a copy using the Copied It option.
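As an added example (not taken from the VMware docs or from IS&T), the backup and restore steps in the Best Practices list can be scripted as shown here. It assumes the VM is a single folder containing a .vmx file and treats any entry ending in ".lck" as a sign that the VM may still be powered on; the function names and the --stale-lock-ok flag are made up for this example.

```shell
#!/bin/sh
# Added example: cold backup and restore of a VM folder.
# Assumptions: the VM is one folder holding a .vmx file, and any entry
# ending in ".lck" is a lock left by a running (or crashed) VM.
# Source this file, then call backup_vm / restore_vm.

# has_lock DIR: succeeds if DIR contains any *.lck entry.
has_lock() {
    [ -n "$(find "$1" -name '*.lck' -prune -print | head -n 1)" ]
}

# backup_vm SRC DEST [--stale-lock-ok]
# Returns 0 on success, 1 on bad arguments or copy failure,
# 2 if a lock suggests the VM is still powered on.
backup_vm() {
    src=$1 dest=$2 opt=${3:-}
    [ -d "$src" ] || { echo "not a directory: $src" >&2; return 1; }
    ls "$src"/*.vmx >/dev/null 2>&1 || { echo "no .vmx in $src" >&2; return 1; }
    [ ! -e "$dest" ] || { echo "destination exists: $dest" >&2; return 1; }
    if has_lock "$src" && [ "$opt" != "--stale-lock-ok" ]; then
        echo "lock found in $src: power the VM off first" >&2
        return 2
    fi
    cp -R "$src" "$dest" || return 1
    # Never keep lock entries in the backup copy.
    find "$dest" -name '*.lck' -prune -exec rm -rf {} +
}

# restore_vm BACKUP TARGET: move (not copy) the backup into place.
# The backup folder is consumed, so back up again after restoring.
restore_vm() {
    [ -d "$1" ] || { echo "no such backup: $1" >&2; return 1; }
    [ ! -e "$2" ] || { echo "target exists: $2" >&2; return 1; }
    mv "$1" "$2"
}
```

Pass --stale-lock-ok only after confirming the VM is powered off and the lock is left over from a crash.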
- Networking: NAT
The security recommendations below were taken from our Getting Connected (Passport) docs.
Security Recommendations
- Feed me content!
- Back Up Your Data
The importance of backing up your data cannot be stressed enough. If your
hard drive fails or your computer is compromised, a backup can make a world of
difference in recovering from such an event. Backups are always advised prior to
updating your operating system. More information on MIT backup services is at
http://web.mit.edu.ezproxyberklee.flo.org/ist/topics/backup/.
- Install Anti-Virus Software
While MIT does its best to prevent virus attacks, no computer is immune to them. To
encourage protection of your computer, MIT provides anti-virus software for free.
• Linux: VirusScan
• Macintosh: VirusScan
• Windows PC: VirusScan
For more information about virus protection at MIT, go to
http://web.mit.edu.ezproxyberklee.flo.org/ist/topics/virus/.
Once installed, VirusScan is configured to update your virus definitions automatically. You can also download virus definition files (known as DAT
files) from the vendor's web site: http://www.nai.com/us/downloads/default.asp.
- Choose Strong Passwords
Weak passwords can be guessed, thus giving someone else access to your files and your system. Create passwords that are at least eight
characters long, containing numbers, upper and lower case letters, and symbols. More information on creating strong passwords can be found at
http://web.mit.edu.ezproxyberklee.flo.org/ist/topics/network/passwords.html.
From the IS&T Security Team:
- If a host is compromised, scripts can be run on the host that can
interact with the guest at whatever privilege level the guest is
logged in as. This can result in malicious trojans being installed on
the host and guest machines.
- A virtual machine that is not virus protected, compromised, and in
a shared networking configuration can be used by an attacker to scan
both the private and public address spaces. The other virtual
machines on the host (if not patched) can also be exploited via the
network, so a software firewall on each of the guests is recommended.
- All guests on a host machine should have like risk posture – same
level of accessibility, data sensitivity and level of protection.
- (Enterprise version) When turning on shared folders, they can be
accessed through a compromised guest. Files can then be placed on the
host and attackers can access other guests' file systems.
- Access to the host should be limited (firewalled off).
- When taking a snapshot of a virtual machine and then branching off,
make sure to save the image at the instance before the branch (the
trunk) rather than at the branch level to ensure security patches are
most up to date.
If you have any questions, let us know. Most of this information came
from Mike, who has experience using VMware for virtual networking
purposes, so he is probably the best person to go to on this.