Proxmox Host
Description
The Proxmox host provides the primary virtualization platform for the Scheol Lab infrastructure. It enables the deployment and isolation of multiple virtual machines and containers used for security experimentation, monitoring platforms and infrastructure services.
The host is located within the on-premise environment and acts as the foundation of the internal infrastructure layer.
Asset Identification
| Attribute | Value |
|---|---|
| Asset ID | INF-PRX-01 |
| CI Type | Infrastructure |
| Asset Name | Proxmox Host |
| Asset Category | Virtualization Platform |
| Owner | Operations Role (Ops) |
| Status | Deployed |
| Location | On-Premise Lab Infrastructure |
| Primary Function | Hosting virtual machines and infrastructure services |
Asset Dependencies
| Dependency Type | Asset | Status |
|---|---|---|
| Physical Infrastructure | Host Hardware | Active |
| Network Connectivity | Internal Network | Active |
| Hosted Services | Virtual Machine - Firewall | Active |
| Hosted Services | Virtual Machines - Bastion, Monitoring, Automation | Planned |
Relationships
| Relationship | Target CI |
|---|---|
| Hosts | OPNsense Firewall |
| Supports capability | Infrastructure Automation |
| Supports capability | Security Monitoring & Detection |
| Supports capability | Identity & Access Management |
Asset Classification
| Criteria | Level |
|---|---|
| Confidentiality | 🟨 Medium |
| Integrity | 🟥 High |
| Availability | 🟥 High |
Criticality score: 🟥 High
Rationale:
- Integrity is critical because compromise of the hypervisor would affect all hosted systems.
- Availability is essential for maintaining access to hosted services and lab operations.
Responsibilities
| Role | Responsibility |
|---|---|
| Operations Role (Ops) | Deployment, patching, infrastructure maintenance |
| Security Role (Sec) | Hardening policies, monitoring integration, risk evaluation |
Security Controls (High-Level)
The following types of controls are typically applied to this asset:
- Access Control - restricted administrative access
- Configuration Hardening - secure baseline configuration
- Monitoring & Logging - integration with centralized logging
- Patch Management - regular security updates
Security Considerations
Main risks associated with this asset include:
- Hypervisor compromise
- Unauthorized administrative access
- Misconfiguration of VM isolation
- Failure of underlying hardware
Security measures may include:
- Access restriction to management interfaces
- Secure authentication mechanisms
- Network segmentation
- Regular patch management
- Integration with centralized logging and monitoring platforms
Methodological References:
- ISO 27001 - Control 5.1 Policies for information security ; Control 8.2 Information asset management ; Control 8.16 Monitoring activities.
- NIST CSF - ID.AM Asset Management ; PR.IP Information Protection Processes and Procedures, DE.CM Continuous Monitoring.
- *EBIOS RM - Identification and protection of critical virtualized infrastructure assets.