A Review of Adopter’s Common Misconfigurations of Virtual Machines: The Case of Tanzania

Adoption and use of hypervisors and virtual machines have become heart of virtual server computing and are currently a primary choice to store and share data across different public and private sectors. However, one of the major security threats is on meager adopter’s knowledge on proper handling of hypervisor installation, VMs creation and configurations. This paper exposes distinct security vulnerabilities of virtualized systems that are caused by the adopters due to various system misconfigurations such as use of unified installer across virtual infrastructure, level of security enhancement in type 2 hypervisors, presence of untouched default settings in open source hypervisors, usage of vendor lock in VMs file formats, ad hoc creation of VMs and allocation of computing resources especially virtual CPU, RAM and HDD. Furthermore, undecided size of key Linux directories including /home directory, /boot directory, /var directory, root (/) directory, /temp directory and swap have also been assessed. To undertake this study, server configurations in 15 public and 9 private organizations were screened. A total of 31 purposively selected server administrators were interviewed guided by a checklist of questions in a semi-structured questionnaire. A quick observation obtained from the findings of this study suggests that server virtualization adopters operate at high security risks due to existence of uncoordinated and unsecured VMs configuration due to lack of required expertise. Lack of regular system auditing and monitoring turn the adopters into vulnerable and target of attack at any time without the adopter’s knowledge. The need for adopters to observe best practices towards adoption and use of virtualization software is vital.