Virtual network switches provide specific security features. With it, administrators can create and enforce policies, block network interfaces, or malicious traffic between VMs.
Virtual network switches, such as those created in a VMware environment, provide many valuable security features. Administrators of virtual environments may not be aware of this, but it is possible to apply security policies to virtual switch ports. While physical switch ports have no idea of the port configuration of the physical network interfaces that are attached to them, the virtual switches can detect which virtual network ports are connected to them. Administrators can create and enforce policies that help maintain their security posture.
For example, a virtual switch might prevent a guest virtual machine from changing its MAC address, a common sign of malicious activity.
The security policy for the proximity mode is set at the virtual switch or port group.
When enabled, the promiscuous mode allows you to see all unicast network traffic traversing a virtual switch. Since this behavior is not desirable for security, this mode of operation is disabled by default: a virtual machine sees only packets addressed to it. The security policy for promiscuous mode is set at the virtual switch or port group.
Lock a MAC address
Another valuable network security feature associated with virtual switches is MAC address locking. A MAC address represents the permanent physical identifier of each network device.
MAC addresses are assigned to virtual machines as part of their network configuration, but they can be modified quite easily in virtual machines. But this is not desirable and may be a sign of malicious activity. Locking the MAC address prevents this
Block traffic from virtual machines
Finally, virtual switches can block counterfeit traffic from virtual machines. Normally, a network device – such as a virtual switch – does not compare the MAC addresses in the IP packets with the MAC address of the sending device to make sure they match. This may allow the sending of malicious traffic using tactics such as MAC address spoofing. When the virtual switch compares MAC addresses, it can block counterfeit traffic.