Designing Information Security Architecture for Virtualized Environments per RSC BR IBBS-2.8-2015
When designing an information security architecture in virtualized environments, the key step is defining security boundaries. If the system processes payment transactions (PTP) or personal data (PDP), separate security zones must be established: PTP and PDP. In the absence of such requirements, zones are determined by the criticality of business processes.
Physical isolation of host servers is mandatory for VMs from different security zones. Placing VMs on separate physical servers minimizes the risk of threat propagation. When shared hosts are used, logical isolation at the hypervisor level must be implemented as specified in section 6.2.
Network access separation is enforced using certified Layer 3 firewalls. Access to PTP zone VMs is allowed only from PTP workstations, and access to PDP zone VMs is permitted only from PDP workstations (sections 6.3, 6.4, 6.9).
Hypervisor Configuration and VM Image Management
A certified hypervisor is strongly recommended (section 6.11). Configuration includes:
- Allocating dedicated logical memory regions for each security zone (section 6.5).
- Blocking unauthorized data exchange between VMs and the host OS.
VM image management must follow a strict process:
- Create a base image.
- Test it in an isolated segment on a dedicated server.
- Scan for malware and verify integrity of the security controls.
- Obtain approval from the Information Security team before deployment (sections 7.1–7.8).
One server component of the ABS corresponds to one VM—no consolidation allowed. For VDI, changes must not be saved to the base image; forced rollback is required.
Base Image -> Test Segment -> Malware/Security Check -> IS Approval -> Production
Administration and Component Protection
Hypervisor and host administration must be performed exclusively from dedicated workstations within the management segment (section 8.1). Certified security tools must prevent unauthorized access (UAA, section 8.2). Virtualization components must never be installed inside VMs (section 8.4).
Mandatory logging includes:
- VM start/stop events.
- Network configuration changes.
- Image copying activities.
- Administrator logins (section 8.7).
VM protection operates at the hypervisor level: agentless antivirus solutions in guest operating systems (section 9.6). Certified security tools monitor software integrity and access control (section 9.4).
For workstations, two-factor authentication (tokens) is required to access PTP/PDP zones (section 10.5), along with trusted OS boot and port control (sections 10.1, 10.3).
Role Separation and Storage Area Network (SAN) Protection
Role segregation prevents role overlap (section 12.2):
- VM Administrator: manages applications within VMs.
- Virtualization Administrator: creates VMs and manages images.
- Virtualization IS Administrator: configures networks and access policies.
- SAN Administrator: manages disk arrays.
No single individual has access to all layers—hypervisor, storage, and VM content.
The SAN must be segmented into logical partitions by security zone (PTP, PDP, system, section 13.1). Access to PTP partitions is restricted to PTP VMs only (section 13.3.1).
Key Takeaways
- Physical isolation between PTP/PDP zones is mandatory; logical isolation is required only when needed.
- All security tools and hypervisors must be certified by FSB/FSTEC.
- The role model strictly separates hypervisor, SAN, and VM administration.
- VM images undergo mandatory testing and IS approval before deployment.
- Hypervisor and security tool event logging is centralized on a dedicated server.
— Editorial Team
No comments yet.