VMware Fusion 4 security tips and tricks

Whether you are new to VMware Fusion or an old pro, there are a few security considerations you should be aware of with this hosted virtualization platform. Make sure you follow these VMware Fusion security measures to protect the virtual machines, the host and your own sanity.

VMware Fusion is a Type 2 hypervisor, which means it runs like an application atop the host operating system. These hypervisors don’t have direct access to the server hardware and must go through the OS, creating additional security vulnerabilities compared to bare-metal Type 1 hypervisors. Many different types of sharing between the guest and host OS are available on VMware Fusion, which provide further points of access for potential hackers.

VMware Fusion download options
When you purchase VMware Fusion, including the new VMware Fusion 4, you can decide between two separate downloads, one with McAfee’s Security Suite and one without. I highly recommend that you download the one without the suite.

Here’s why: First, the product can be difficult to manage and remove. Second, while it’s nice to have this VMware Fusion security option pre-bundled with the product, McAfee’s suite is only a limited-time activation, and repeatedly nags you to purchase it before it runs out.

Personally, I find security products such as Microsoft Security Essentials and ESET NOD32 easier to administer, control and remove.

Security settings in VMware Fusion 4
One new feature of VMware Fusion 4 is the ability to encrypt VMs, but it’s not a perfect system. The encryption method is the older 128-bit AES encryption, even though the more secure 256-bit AES has been available for some time. Plus, the VM files (or “package,” in Mac OS parlance) are only encrypted when the VM is powered off. But what if you want to suspend or pause the VM? In those cases, the VM and its resources are not encrypted.

When I first upgraded to VMware Fusion 4, I was also surprised by some of the options that are enabled by default.

For instance, Bluetooth is enabled in the guest OS and Bluetooth Sharing is enabled between the guest and the host. Since the host and guest can potentially “share” the Bluetooth connections with, say, a nearby hacker’s Bluetooth device, they can both be compromised easily. For the best VMware Fusion security, this default setting is something you should disable.

Since VMware Fusion 4 was released, the post-4.01 release has included another default setting that’s best to disable. By default, the Downloads and Movies folders on your Mac’s hard drive are now “Mirrored.” While convenient, mirroring these folders is just another avenue for cross-OS infection and increases the overall attack surface of the VMware Fusion 4 host and guest OSes.

Locking down USB devices, shared folders
Along with Bluetooth, VMware Fusion 4 includes the ability to share other devices and services, such as USB devices and folders. In and of itself, sharing of these devices isn’t a big security concern; it’s what’s on these USB devices and in these shared folders that is worrisome. What if, for example, the USB device was compromised, or a rogue command file was executed from a shared folder causing either the guest or host OS to be infected?

It’s also important to remember that shared folders are not always local folders, but could be shares on your company or home network. If the shared folders are on a network, your attack surface increases greatly. Be very careful before you decide to choose Everyone and Full Control as your shared folder settings. Be sure to lock down any shares that you enable in VMware Fusion between the host and guest, both at the file level and in the Fusion preferences.
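To check the Bluetooth and shared-folder settings discussed above without clicking through each VM's preferences, the following added example (not part of the original article and not VMware code) audits the text of a VM's .vmx configuration file. It relies on the `usb.vbluetooth.startConnected` and `sharedFolderN.*` keys as they appear in .vmx files; the sample configuration is constructed, and treating a host path under /Volumes as a possible network share is an assumption.

```python
import re

# Constructed sample .vmx text for illustration; not taken from a real VM.
SAMPLE_VMX = '''\
usb.vbluetooth.startConnected = "TRUE"
sharedFolder0.present = "TRUE"
sharedFolder0.enabled = "TRUE"
sharedFolder0.writeAccess = "TRUE"
sharedFolder0.hostPath = "/Users/alice/Downloads"
sharedFolder1.present = "TRUE"
sharedFolder1.enabled = "TRUE"
sharedFolder1.writeAccess = "FALSE"
sharedFolder1.hostPath = "/Volumes/corp-share/projects"
sharedFolder2.present = "TRUE"
sharedFolder2.enabled = "FALSE"
sharedFolder2.writeAccess = "TRUE"
sharedFolder2.hostPath = "/Users/alice/old"
'''

LINE = re.compile(r'^\s*([^#\s=]+)\s*=\s*"(.*)"\s*$')

def parse_vmx(text):
    """Return {lowercased key: value} for every key = "value" line."""
    pairs = (LINE.match(l) for l in text.splitlines())
    return {m.group(1).lower(): m.group(2) for m in pairs if m}

def audit(text):
    """List the sharing settings in a .vmx that widen the attack surface."""
    s = parse_vmx(text)
    on = lambda key: s.get(key.lower(), "").upper() == "TRUE"
    findings = []
    # Virtual Bluetooth device attached to the guest when it powers on.
    if on("usb.vbluetooth.startConnected"):
        findings.append("bluetooth: connected to the guest at power-on")
    ids = sorted({int(m.group(1)) for m in
                  (re.match(r"sharedfolder(\d+)\.", k) for k in s) if m})
    for i in ids:
        p = f"sharedFolder{i}."
        if not (on(p + "present") and on(p + "enabled")):
            continue  # share is defined but not active
        path = s.get((p + "hostPath").lower(), "")
        if on(p + "writeAccess"):
            findings.append(f"share {i}: guest can write to {path}")
        if path.startswith("/Volumes/"):  # assumption: mounted volume
            findings.append(f"share {i}: {path} may be a network share")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_VMX)))
```

Run it against each VM's .vmx file inside the VM package while the VM is powered off, and review every finding against what the guest actually needs.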

As a VMware Fusion 4 user, these are some of the default settings you should reconsider in order to protect both the guest and host OSes.

This was first published in December 2011
