The guest operating system that runs in the virtual machine is subject to the same security risks as a physical system. Secure virtual machines as you would secure physical machines.

General Virtual Machine Protection
A virtual machine is, in most respects, the equivalent of a physical server. Employ the same security measures in virtual machines that you do for physical systems.

Disable Unnecessary Functions Inside Virtual Machines
Any service running in a virtual machine provides the potential for attack. By disabling system components that are not necessary to support the application or service running on the system, you reduce the number of components that can be attacked.

Use Templates to Deploy Virtual Machines
When you manually install guest operating systems and applications on a virtual machine, you introduce a risk of misconfiguration. By using a template to capture a hardened base operating system image with no applications installed, you can ensure that all virtual machines are created with a known baseline level of security.

Prevent Virtual Machines from Taking Over Resources
When one virtual machine consumes so much of the host resources that other virtual machines on the host cannot perform their intended functions, a Denial of Service (DoS) might occur. To prevent a virtual machine from causing a DoS, use host resource management features such as setting shares and limits to control the server resources that a virtual machine consumes.

Limit Informational Messages from Virtual Machines to VMX Files
Limit informational messages from the virtual machine to the VMX file to avoid filling the datastore and causing a Denial of Service (DoS). A Denial of Service can occur when you do not control the size of a virtual machine's VMX file and the amount of information exceeds the datastore's capacity.

Prevent Virtual Disk Shrinking in the vSphere Web Client
Nonadministrative users in the guest operating system are able to shrink virtual disks. Shrinking a virtual disk reclaims the disk's unused space. However, if you shrink a virtual disk repeatedly, the disk can become unavailable and cause a denial of service. To prevent this, disable the ability to shrink virtual disks.

Minimize Use of Virtual Machine Console
The virtual machine console provides the same function for a virtual machine that a monitor on a physical server provides. Users with access to the virtual machine console have access to virtual machine power management and removable device connectivity controls, which might allow a malicious attack on a virtual machine.

Configuring Logging Levels for the Guest Operating System
Virtual machines can write troubleshooting information into a virtual machine log file stored on the VMFS volume. Virtual machine users and processes can abuse logging either on purpose or inadvertently so that large amounts of data flood the log file. Over time, the log file can consume enough file system space to cause a denial of service.
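
An added example, not VMware's own code or part of the original page: a Python check that reads the text of a VMX file and reports whether the settings behind three of the topics above (informational message size, disk shrinking, log growth) are in place. The setting names and ceilings come from VMware's hardening guidance rather than from this page, and the sample VMX content is constructed.

```python
import re

# Keys and ceilings follow VMware's published hardening guidance; this page names
# the risks but not the settings, so treat them as this example's assumptions.
REQUIRED_TRUE = ("isolation.tools.diskShrink.disable", "isolation.tools.diskWiper.disable")
NUMERIC_MAX = {
    "tools.setInfo.sizeLimit": 1048576,  # bytes of guest info messages kept in the VMX
    "log.rotateSize": 1024000,           # bytes before the VM log file rotates
    "log.keepOld": 10,                   # number of rotated log files retained
}
LINE = re.compile(r'^\s*([^#\s=]+)\s*=\s*"(.*)"\s*$')

def parse_vmx(text):
    """Return {key: value} with keys lower-cased; a repeated key keeps its last value."""
    matches = (LINE.match(line) for line in text.splitlines())
    return {m.group(1).lower(): m.group(2) for m in matches if m}

def audit_vmx(text):
    """Return sorted (key, problem) findings for the contents of one VMX file."""
    cfg = parse_vmx(text)
    findings = []
    for key in REQUIRED_TRUE:
        val = cfg.get(key.lower())
        if val is None:
            findings.append((key, "missing"))
        elif val.upper() != "TRUE":
            findings.append((key, f"set to {val!r}, expected TRUE"))
    for key, ceiling in NUMERIC_MAX.items():
        val = cfg.get(key.lower())
        if val is None:
            findings.append((key, "missing"))
        elif not val.isdigit():
            findings.append((key, f"non-numeric value {val!r}"))
        elif int(val) > ceiling:
            findings.append((key, f"{val} exceeds {ceiling}"))
    return sorted(findings)

# Constructed sample VMX content, not taken from a real virtual machine.
SAMPLE_VMX = '''displayName = "app01"
isolation.tools.diskShrink.disable = "TRUE"
isolation.tools.diskWiper.disable = "FALSE"
tools.setInfo.sizeLimit = "1048576"
log.rotateSize = "10240000"
'''

if __name__ == "__main__":
    print("\n".join(f"{k}: {p}" for k, p in audit_vmx(SAMPLE_VMX)))
```

Run against the sample, it flags the disk wiper setting left at FALSE, the oversized log rotation threshold, and the absent log retention count.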