SEC577: Virtualization Security Fundamentals

One of today's most rapidly evolving and widely deployed technologies is server virtualization. Many organizations are already realizing the cost savings from implementing virtualized servers, and systems administrators love the ease of deployment and management for virtualized systems. There are even security benefits to virtualization - easier business continuity and disaster recovery, single points of control over multiple systems, role-based access, and additional auditing and logging capabilities for large infrastructures.

With these benefits comes a dark side, however. Virtualization technology is the focus of many new potential threats and exploits and presents new vulnerabilities that must be managed. In addition, there are a vast number of configuration options that security and system administrators need to understand, with an added layer of complexity that has to be managed by operations teams. Virtualization technologies also connect to network infrastructure and storage networks and require careful planning with regard to access controls, user permissions, and traditional security controls.

Attendees will learn about virtualization security fundamentals with an in-depth treatment of today's most pressing virtualization security concerns: known attacks and threats, theoretical attack methods, and numerous real-world examples. Then we'll turn our attention to today's most popular enterprise server virtualization product, VMware vSphere. Attendees will learn about every aspect of locking down ESX and ESXi servers and the vCenter management server, as well as best practices for securing the virtual machine guests that reside on ESX and ESXi platforms. We'll also cover virtualization networking techniques in detail, laying out proven strategies for proper segmentation, virtual switching and routing considerations, network access controls and layer 2 policies, as well as how to build virtual DMZs and integrate with existing network infrastructure. The latest vSphere technologies will be covered, including Distributed Virtual Switches, vShield Zones, and Host Profiles.

Finally, attendees will learn essential strategies for securing storage interfaces to vSphere, as well as best practices for backup, recovery, and redundancy. We'll then wrap up with extensive information about compliance ramifications from virtualization, strategies to create and maintain compliance-focused controls using VMware, and operations processes and concepts to focus on, such as change and configuration management, separation of duties, and least privilege.

  • Virtualization Basics and Introduction
  • Virtual Networking
  • Virtual Switch Security Policies
  • Command-line Virtual Network Configuration and Administration
  • Virtual Network Architecture Design
  • vCenter Security and Administration
  • Virtual Infrastructure Client Security
  • ESX and ESXi Security
  • ESX File System Security
  • VM Guest Security
  • Storage Considerations
  • Backup and Recovery
  • Virtualization Risk Assessment
  • Virtualization Threats
  • Virtualization Vulnerabilities
  • Virtualization Attacks
  • Virtualization Audit and Compliance

Notice:

For SEC577 Virtualization Security Fundamentals courses conducted in the United States, a laptop will be provided for class use. However, for international events and Onsite classes, a hard drive will be provided for class use.

Laptop Provided

Laptops for SEC577 lab exercises will be provided for students to use during class.* Students will be given CDs with labs loaded to take home after class.

If you have additional questions about the laptop specifications, please contact laptop_prep@sans.org.

 
Who Should Attend
  • Security personnel who are tasked with securing VMware virtualization technologies
  • Network and systems administrators who need to understand how to architect, secure, and maintain virtualization technologies
  • Technical auditors and consultants who need to gain a deeper understanding of VMware virtualization from a security and compliance perspective
 

Author Statement

As more organizations roll out virtualization technologies, security professionals need to understand the vast variety of configuration and architecture issues that could possibly lead to new vulnerabilities and, as a result, increased risk in their environments. This course aims to provide a firm foundation for all aspects of virtualization technology, covering the hosts, guests, networks, and management components. When students leave this class, they'll have all the tools they need to properly secure their virtual environments and maintain their desired security and compliance posture.

- Dave Shackleford, Rob VandenBrink, Chris Farrow

*CPE/CMU credits not offered for the SelfStudy delivery method

*Course contents may vary depending upon location, see specific event description for details.