*3.1.6 Network services*


**63**

same host.

*Security at the Edge*

and 139.

*3.1.7 System patches*

*DOI: http://dx.doi.org/10.5772/intechopen.92788*

• Use wrapper services, such as iptables.

• Schedule regular maintenance of security patches.

• Restrict local services to those required for operation.

• Implement protection for buffer overflow.

• Use a time server to correlate time for forensics.

• Enable logging of access requests on web servers.

• Secure the logging configuration file.

known vulnerabilities.

*3.1.8 Operating system minimisation*

*3.1.9 Logging and monitoring*

changes to user permissions.

• Monitor system log files.

*3.1.10 Hyperjacking*

• Reduce the number of trusted ports specified in the /etc./services file.

• Protect your system against NetBIOS threats associated with ports 137, 138

• Avoid using services that have a GUI, since such services introduce many

• Run the latest, vendor-recommended patches for the operating system.

• Remove non-essential applications to reduce possible system vulnerabilities.

• Log security-related events, including successful and failed logons, logoffs and

• Secure the system log files by restricting access permissions to them.

• Consider the use of a remote server for storage of logging information.

Hypervisor technology enables the deployment of numerous virtual machines (VMs) on the one system, indeed it is a key concept in shared cloud infrastructure. However, the deployment of multiple systems adds complexity and consequently the possibility for new exploits. The term virtualisation escape, or VMEscape, refers to the process by which an attacker can escape the confines of the virtual environment and is then able to exploit the host OS. Virtualised systems should therefore still be deployed under the supervision of firewalls, while guests with differing security levels, such as DMZ and internal, should not be combined on the

