A virtual machine is, in most respects, the equivalent of a physical server. Employ the same security measures in virtual machines that you do for physical systems.
Follow these best practices to protect your virtual machines. For additional information, see the vSphere Security Configuration Guide at https://core.vmware.com/security-configuration-guide.
Patch Virtual Machines
Keep all security measures up-to-date, including applying appropriate patches. Keep track of updates for dormant virtual machines that are powered off, because it can be easy to overlook them. For example, ensure that anti-virus software, anti-spyware, intrusion detection, and other protections are enabled for virtual machines in your virtual infrastructure. Also, ensure that you have enough space for the virtual machine logs.
Scan Virtual Machines for Viruses
Because each virtual machine hosts a standard operating system, you must protect it from viruses by installing anti-virus software. Depending on how you use the virtual machine, you might also want to install a software firewall.
Stagger the schedule for virus scans, particularly in deployments with a large number of virtual machines. Performance of systems in your environment degrades significantly if you scan all virtual machines simultaneously. Because software firewalls and anti-virus software can be virtualization-intensive, balance the need for these two security measures against virtual machine performance, especially if you are confident that your virtual machines are in a fully trusted environment.
Deactivate Serial Ports on Virtual Machines
Serial ports are interfaces for connecting peripherals to the virtual machine. Administrators often use serial ports to provide a direct, low-level connection to the console of a server. A virtual serial port allows for the same access to a virtual machine. Because serial ports allow for low-level access, and do not have strong controls like logging or privileges, keep them deactivated on virtual machines.