When deploying Red Hat Virtualization on your corporate infrastructure, you must ensure that the host(dom0) cannot be compromised. dom0 is the privileged domain that handles system management. If dom0 is insecure, all other domains in the system are vulnerable. There are several ways to enhance security on systems using Red Hat Virtualization. You or your organisation should create a deployment plan containing the operating specifications and specifies which services are needed on your virtualized guests and host servers as well as what support is required for these services. Here are a few security issues to consider while developing a deployment plan:
Run the lowest number of necessary services. You do not want to include too many jobs and services in dom0. The fewer processes and services running on dom0, the higher the level of security and performance.
Enable SELinux on the hypervisor(dom0). Read Chapter 11, SELinux and virtualization for more information on using SELinux and virtualization.
Use a firewall to restrict traffic to dom0. You can setup a firewall with default-reject rules that will help secure attacks on dom0. It is also important to limit network facing services.
Do not allow normal users to access dom0. If you do permit normal users dom0 access, you run the risk of rendering dom0 vulnerable. Remember, dom0 is privileged, and granting unprivileged accounts may compromise the level of security.