3.2. Guest Security Best Practices
All of the best practices for securing a Fedora system documented in the Fedora Security Guide apply to conventional, non-virtualized systems as well as to systems installed as virtualized guests. However, a few security practices are of critical importance when running in a virtualized environment:
Because management of the guest is likely to take place remotely, ensure that it takes place only over secured network channels. Tools such as SSH and network protocols such as TLS or SSL provide both authentication and data encryption to ensure that only approved administrators can manage the system remotely.
Some virtualization technologies use special guest agents or drivers to enable virtualization-specific features. Ensure that these agents and applications are secured using the standard Fedora security features, such as SELinux.
In virtualized environments there is a greater risk of sensitive data being accessed outside the protection boundaries of the guest system. Protect stored sensitive data using encryption tools such as dm-crypt and GnuPG, taking special care to ensure the confidentiality of the encryption keys.
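The three practices above can be checked from inside a guest. The script below is an added example, not part of the Fedora guide: the agent names (qemu-ga, spice-vdagentd), the list of unconfined SELinux types, and the sshd settings treated as weak are assumptions chosen for illustration, and the sample inputs are constructed.

```sh
#!/bin/sh
# Added example (not from the Fedora guide): guest-side checks for the three
# practices above. Each check reads command output on stdin, so it also works
# on output saved from another guest. Policy choices here are assumptions.

# Remote management: flag weak settings in the effective config from `sshd -T`.
check_sshd() {
    awk '
        $1 == "permitrootlogin" && $2 == "yes"        { print "WARN: root password login allowed"; bad = 1 }
        $1 == "passwordauthentication" && $2 == "yes" { print "WARN: password authentication enabled"; bad = 1 }
        $1 == "permitemptypasswords" && $2 == "yes"   { print "WARN: empty passwords allowed"; bad = 1 }
        END { exit bad }'
}

# Guest agents: flag agent processes in `ps -eZ` output whose SELinux type is
# not a confined domain. Agent names and the type list are assumptions.
check_agents() {
    awk '
        $NF == "qemu-ga" || $NF == "spice-vdagentd" {
            split($1, ctx, ":")
            if (ctx[3] ~ /^(unconfined_t|unconfined_service_t|initrc_t)$/) {
                print "WARN: " $NF " runs as " ctx[3]; bad = 1
            }
        }
        END { exit bad }'
}

# Stored data: succeed only if a dm-crypt mapping ("crypt") appears among the
# device types from `lsblk -sno TYPE <device>`, which also covers LVM on LUKS.
check_encrypted() {
    awk '$1 == "crypt" { found = 1 } END { exit !found }'
}

# Constructed sample inputs (not captured from a real system).
SAMPLE_SSHD='permitrootlogin yes
passwordauthentication no'
SAMPLE_PS='system_u:system_r:virt_qemu_ga_t:s0 812 ? 00:00:01 qemu-ga
system_u:system_r:unconfined_service_t:s0 990 ? 00:00:00 spice-vdagentd'
SAMPLE_LSBLK='lvm
crypt
part
disk'

# Live use on a guest (as root), for the device backing /home:
#   sshd -T | check_sshd; ps -eZ | check_agents
#   lsblk -sno TYPE "$(findmnt -no SOURCE /home)" | check_encrypted
```

Each function exits non-zero when its check fails, so the three can be chained in a provisioning or compliance job.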