2.2. Host Security Best Practices for Fedora

⁠2.2. Host Security Best Practices for Fedora

With host security being such a critical part of a secure virtualization infrastructure, the following best practices should serve as a starting point for securing a Fedora host system:

Run only the services necessary to support the use and management of your guest systems. If you need to provide additional services, such as file or print services, you should consider running those services in a Fedora guest.
Limit direct access to the system to only those users who have a need to manage the system. Consider disallowing shared root access and instead use tools such as sudo to grant privileged access to administrators based on their administrative roles.
Ensure that SELinux is configured properly for your installation and is operating in enforcing mode. Besides being a good security practice, the advanced virtualization security functionality provided by sVirt relies on SELinux. Refer to Chapter 4, sVirt for more information on SELinux and sVirt.
Ensure that any remote management of the system takes place only over secured network channels. Tools such as SSH and network protocols such as TLS or SSL provide both authentication and data encryption to ensure that only approved administrators can manage the system remotely.
Ensure that the firewall is configured properly for your installation and is activated at boot. Only those network ports needed for the use and management of the system should be allowed.
Refrain from granting guests direct access to entire disks or block devices (for example, /dev/sdb); instead, you should use partitions (for example, /dev/sdb1) or LVM volumes for guest storage.

Note

The objective of this guide is to explain the unique security related challenges, vulnerabilities, and solutions that are present in most virtualized environments and how to best address them. However, there are a number of best practices to follow when securing a Fedora system that apply regardless of whether the system is a standalone, virtualization host, or guest instance. These best practices include procedures such as system updates, password security, encryption, and firewall configuration. This information is discussed in more detail in the Fedora Security Guide which can be found at http://docs.fedoraproject.org.

⁠2.2.1. Special Considerations for Public Cloud Operators

Public cloud service providers are exposed to a number of security risks beyond that of the traditional virtualization user. Virtual guest isolation, both between the host and guest as well as between guests, is critical due to the threat of malicious guests, as well as the requirements on customer data confidentiality and integrity across the virtualization infrastructure.

In addition to the Fedora virtualization best practices previously listed, public cloud operators should also consider the following items:

Disallow any direct hardware access from the guest. PCI, USB, FireWire, Thunderbolt, eSATA and other device passthrough mechanisms not only make management difficult, but often rely on the underlying hardware to enforce separation between the guests.
Network traffic should be separated such that the cloud operator's private management network is isolated from the customer guest network, helping to ensure that the guests can not access the host systems over the network. The network should be further isolated such that customer guest systems run in a private, virtualized network so that one customer can not access another customer's guest systems directly via the cloud provider's internal network.