Book Image

Hyper-V Security

By : Eric Siron, Andrew Syrewicze
Book Image

Hyper-V Security

By: Eric Siron, Andrew Syrewicze

Overview of this book

Table of Contents (15 chapters)
Hyper-V Security
Credits
About the Authors
About the Reviewers
www.PacktPub.com
Preface
Index

Disabling unnecessary components


A general rule in hardening any system is to turn off any system components that lack an identified, definite need. A good place to start narrowing this list to Hyper-V is with the list of roles that Microsoft doesn't support when Hyper-V is enabled. At this time, Microsoft has not published any official statement, but Hyper-V MVP Alessandro Cardoso has written an article on his blog that lists what roles are supported, viewable at http://cloudtidings.com/2013/04/20/sharing-roles-with-hyper-v-on-the-same-physical-host/. These items are:

  • File and Storage Services

  • Failover Clustering components

  • Multipath I/O

  • Remote Desktop Services

Although not specifically mentioned, management tools for all the preceding components as well as for Hyper-V are also allowed.

Tip

If other roles or features are desired, install them in a virtual machine.

The simplest approach is to not enable any features or roles after installing the management operating system, except Hyper-V and entries...