Oracle® JRockit Virtual Edition User's Guide Release 2.0.0 Part Number E22518-01
The following security guidelines are generic to any enterprise IT environment, not necessarily specific to virtualization.
Do not store sensitive data on an NFS Server.
Oracle JRockit Virtual Edition does not encrypt communication with NFS servers, so storing sensitive data on NFS servers can compromise the security of your system.
Make sure that the Java application is secure.
Oracle JRockit Virtual Edition provides a secure run-time environment for the virtual machine that you create from the Java application, but the Java application has full access to its files, so make sure that the Java application is secure.
Use a firewall to protect virtual machines (that are running on a local network) from external access.
Secure the virtualization server so that unauthorized users cannot gain root access to the server. Oracle JRockit Virtual Edition cannot protect itself if unauthorized root access to the virtualization server is possible.
Grant control and console access only to trusted users.
Configure the virtual infrastructure such that only users that need to modify the run-time state of virtual machines are authorized to access the virtual machine console. Oracle JRockit Virtual Edition cannot protect itself from virtual machine shutdown and other virtual machine-related attacks if this policy is not maintained.
Store the virtual machine files securely so that unauthorized users cannot access them.
When you suspend a running virtual machine in Oracle VM VirtualBox, non-root users will be able to access the file where the state of a suspended virtual machine is stored. Non-root users can examine the state of the virtual machine and pause the Oracle JRockit Virtual Edition instance.
To provide access restrictions to the virtual machine resources, such as the file system, leverage the security mechanism in Java JDK.
Virtual machines created by using Oracle JRockit Virtual Edition run as single-user processes. Any third-party source can access the file system of the virtual machine.
To restrict access, enable the security manager (by using the -Djava.security.manager property) and customize the security policy in the Java JDK. For more information about using the security manager and security policy in the Java JDK, see the Java documentation at:
http://download.oracle.com/javase/6/docs/technotes/guides/security/index.html
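
The restriction described above, as an added example that is not part of the Oracle guide: a policy file (shown in the header comment) that limits code under a hypothetical /app directory to /app/data, and a probe class that reports what the active policy permits for each path given on the command line. The /app paths, the file name app.policy and the class name FsAccessProbe are assumptions; the example assumes a JDK that supports the security manager, such as the Java 6 release the guide links to.

```java
/*
 * app.policy (constructed example; the /app paths are hypothetical):
 *
 *   grant codeBase "file:/app/-" {
 *       permission java.io.FilePermission "/app/data/-", "read,write";
 *   };
 *
 * Launch with the security manager enabled. The double '=' makes this the
 * only policy file in effect instead of adding it to the default ones:
 *
 *   java -Djava.security.manager -Djava.security.policy==app.policy \
 *        -cp /app/classes FsAccessProbe /app/data/in.txt /etc/passwd
 */
public class FsAccessProbe {

    /** Reports what the active policy allows for one path, without opening it. */
    static String probe(SecurityManager sm, String path) {
        return path + ": read " + verdict(sm, path, false)
                    + ", write " + verdict(sm, path, true);
    }

    private static String verdict(SecurityManager sm, String path, boolean write) {
        try {
            if (write) {
                sm.checkWrite(path);   // same check FileOutputStream performs
            } else {
                sm.checkRead(path);    // same check FileInputStream performs
            }
            return "allowed";
        } catch (SecurityException e) { // AccessControlException is a subclass
            return "denied";
        }
    }

    public static void main(String[] args) {
        SecurityManager sm = System.getSecurityManager();
        if (sm == null) {
            // Without a security manager no policy is enforced at all.
            System.err.println("No security manager installed: file access is unrestricted");
            System.exit(2);
        }
        for (String path : args) {
            System.out.println(probe(sm, path));
        }
    }
}
```

Running the probe as part of deployment checks catches the case where the -Djava.security.manager property was dropped from the launch configuration, which would otherwise leave the policy file silently unused.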