Product : Red Hat, RHV/4.0, RHV
Feature : Orchestration / Workflows, Other, Management
Content Owner:  Roman Macek
Summary
sVirt, SELinux, iptables, VLANs, Port Mirroring
Details
The RHV Hypervisor has various security features enabled. Security-Enhanced Linux (SELinux) and the iptables firewall are fully configured and on by default. SELinux and sVirt add security policy in the kernel for effective intrusion detection, isolation and containment. SELinux is essentially a set of patches to the Linux kernel and some utilities that incorporate a strong, flexible mandatory access control architecture into the major subsystems of the kernel. For example, with SELinux you can give each qemu process a different SELinux label to prevent a compromised qemu from attacking other processes; it also allows you to label the set of resources that each process can see, so that a compromised qemu can only attack its own disk images.
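
A host-side check of the per-guest labelling described above, as an added example that is not part of the original page or of RHV itself. It assumes `ps -eZ` style rows and "label path" rows for file-backed images; the sample rows, PIDs and paths are constructed, and `audit` and `split_label` are hypothetical helper names.

```python
from collections import defaultdict

# Constructed sample rows (not from a real host): `ps -eZ` output and "label path" pairs.
PS = [
    "system_u:system_r:svirt_t:s0:c57,c843 2101 ? 00:10:02 qemu-kvm",
    "system_u:system_r:svirt_t:s0:c57,c843 2188 ? 00:03:41 qemu-kvm",
    "system_u:system_r:svirt_t:s0:c210,c377 2240 ? 00:01:12 qemu-kvm",
    "system_u:system_r:unconfined_service_t:s0 2301 ? 00:00:09 qemu-kvm",
    "system_u:system_r:sshd_t:s0-s0:c0.c1023 900 ? 00:00:00 sshd",
]
IMAGES = [
    "system_u:object_r:svirt_image_t:s0:c57,c843 /images/guest-a.img",
    "system_u:object_r:svirt_image_t:s0:c210,c377 /images/guest-c.img",
    "system_u:object_r:svirt_image_t:s0:c5,c9 /images/orphan.img",
]

def split_label(label):
    """Return (type, categories) from user:role:type:level[:categories]."""
    parts = label.split(":", 4)
    if len(parts) < 4:
        raise ValueError(f"not an SELinux context: {label!r}")
    return parts[2], (parts[4] if len(parts) == 5 else "")

def audit(ps_rows, image_rows):
    """List deviations from 'one svirt_t label with unique categories per guest'."""
    findings, guests = [], defaultdict(list)
    for row in ps_rows:
        fields = row.split()
        label, pid, cmd = fields[0], fields[1], fields[-1]
        if "qemu" not in cmd:
            continue  # only guest processes are in scope
        setype, cats = split_label(label)
        if setype == "svirt_t" and cats:
            guests[cats].append(pid)
        else:
            findings.append(f"pid {pid}: qemu not confined by sVirt ({label})")
    for cats, pids in guests.items():
        if len(pids) > 1:  # shared categories mean no isolation between these guests
            findings.append(f"pids {','.join(pids)} share categories {cats}")
    for row in image_rows:
        label, path = row.split(None, 1)
        setype, cats = split_label(label)
        if setype == "svirt_image_t" and cats not in guests:
            findings.append(f"{path}: categories {cats} match no running guest")
    return findings

if __name__ == "__main__":
    for finding in audit(PS, IMAGES):
        print(finding)
```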

Advanced network security features like VLAN tagging and port mirroring are part of RHV, but there are no additional security-specific add-ons included with RHV (e.g. to address advanced firewalling, edge security capabilities or anti-virus APIs).