For the most part, virtual machines should be secured in the same way as a physical server. Ensure that anti-virus and patches are kept up to date. Disable anything that is unnecessary on the virtual machine. For example, if serial ports or the floppy drive are not in use for a virtual machine, disable those interfaces or remove those devices. Unused interfaces could potentially be used for direct access to a virtual machine. Ideally, these configurations are made once on a virtual machine that is converted to a template, thereby reducing the risk of misconfiguration.
There are several advanced configurations that can be made to help harden the virtual machines. To do so: