Photo by Lukas from Pexels

First things first: What exactly is a virtual machine?

In a nutshell, a virtual machine, or VM, is “a computer file, typically called an image, that behaves like an actual computer…creating a computer within a computer.”

Virtual machines have a slew of useful applications. For example, you might want to test some new software before fully deploying it throughout your company. Or you could experiment with a new operating system for your business’s network before you take it live.

You don’t have to be a creative savant to imagine the possibilities here. However, when they’re not properly secured, virtual machines present real security risks for their users.

In the cybersecurity realm, there’s simply no way to completely remove risk from the equation. These six pointers will help strengthen your security posture while running virtual machines, though. Are any of these missing from your system?




1. Avoid Bridging Unless Specifically Indicated

Virtual machine tools commonly enable “bridging,” or the removal of certain partitions between the VM and the host device. Though bridging has limited applications for sophisticated users, you should disable it by default. In the absence of a specific-use case and a clear understanding of what you’re doing, don’t change this default. Doing so could open your system up to a host of potential threats, particularly if you’re testing sketchy software on your VM.


2. Use a Robust Backup Suite

Use a robust backup suite built to accommodate your virtual machine. For instance, if your go-to VM is Microsoft Hyper-V, you’ll need a suitable Microsoft Hyper-V backup system. Set and adhere to a regular backup schedule, or automate the process entirely. And get in the habit of imaging each new VM instance as soon as it’s spun up to preserve a clean copy for later use.


3. Limit Personal or Sensitive Information in Testing Environments

No matter how secure you know (or assume) your testing VM to be, avoid introducing personal or sensitive information. No containment mechanism is completely foolproof. It’s better to avoid even the remote likelihood of a breach than to realize you’re in hot water when it’s too late.



4. Be Quick to Disconnect Your Virtual Machine from the Internet

Realizing your virtual machine’s full potential as a testing medium likely requires a public Internet connection. But that doesn’t mean you shouldn’t wait until the last possible moment to connect your VM, nor to cut the connection at the first sign of trouble. If you suspect your VM has been compromised, burn it.


5. Don’t Offload Tested Software Until You’re Sure It’s Safe

Your VM is a great place to quarantine software of unclear provenance. However, that advantage evaporates the moment you deploy tested software on your host device. Therefore, be absolutely sure it’s safe before reaching this point.


6. Don’t Copy Deployed VMs or Nodes

Once you’ve exposed your VM to the public Internet, or even an internal network, it is no longer considered “clean.” Therefore, its future usefulness as a bare testing medium is limited.

“If a virtual node has been connected to a network or exposed to files from USB drives, it could contain malware,” writes cybersecurity expert James Cage. “Copy that node, and you also copy the risk.”


Keep ’Em Separated

Whole books have been written on proper virtual machine usage. You can’t possibly glean everything you need to know from a single blog post.

However, if there’s one lesson you take away from this overview, let it be that it’s always better to keep them separated. In this context, “them” means your virtual machine and the public Internet. If you don’t take proper precautions to wall off your virtualized platforms from the rapidly proliferating threats outside its walls, you’re in for a rough ride. And remember: Fortune always favors the prepared.