Virtualization and Private Cloud Security

Introduction

We are well aware that virtualization has been widely implemented, however, there are questions regarding adequate considerations for security threats, known or perceived. It appears that many organizations rest on superior security at the physical layer for a secure virtual layer. This is due in part to an organization that is not aware of the risks associated specifically with the virtual layer or individuals that lack the knowledge to implement adequate security measures.

This course covers all known and many perceived risks, demonstrates how to hack some of those risks and covers the best hardening practices known today. It covers many technologies related to the VMware vCloud Suite so that you know what you can and cannot do with the software as well as what needs to be added to your security posture to ensure a secure private cloud!

Some benefits of attending this course are:

  • Learn the latest technologies used to secure the vSphere and Private Cloud Infrastructure.
  • The risks to a virtual datacenter are higher than most organizations realize, be prepared to mitigate those risks.
  • Become a leader in the industry by staying on top of the security issues related to the private cloud.
  • We cover the best third party solutions related to virtualization and the private cloud.
  • This course will teach you how to test some of these known risks.
  • Our team of developers have worked in the security field for many years, they pioneered today’s designs for a secure virtual infrastructure and wrote the first course on virtual security, they have tried and true best practices throughout this course.
  • Take the VM’s home with you for additional work after class!
  • 50% of your time will be hands on.

Course Outline

Chapter 1 – Course Introduction

Chapter 2 – Virtualization and Cloud Overview

  1. Overview of Virtualization
  2. Overview of Cloud Technologies
  3. Design
  4. Functional Requirements
  5. Security Implications
  6. Examples

Chapter 3 – Developing a vSphere Private Cloud Security Posture

  1. CIA Triad
  2. Threat Modeling
  3. Emerging Threats
  4. External Threats
  5. Internal Threats
  6. Seven Step Approach to a Desired Security Posture
  7. Control Architecture
  8. Deep Dive into vSphere Risks
  9. Virtual Machine Risks
  10. ESXi Hosts Risks
  11. vNetwork Risks
  12. vCenter Risks
  13. vStorage Risks
  14. vCloud – Related to Private Cloud Risks

Chapter 4 – vSphere Native Controls

  1. ESXi Secure Architecture/ul>
  2. vCPU
  3. vMemory
  4. Virtual Machines Secure Architecture
  5. Virtual Machine Hardware
  6. Virtual Machine Files
  7. vCenter Features
  8. vMemory Management
  9. vCPU Management

iii. Clones and Templates

  1. Roles and Permissions
  2. Host and Cluster Native Controls
  3. VMKernel Preventative Controls
  4. vSphere 5.x Preventative Controls
  5. ESXi File Systems Structure
  6. Logging
  7. Lock Down Mode
  8. SSH Access
  9. ESXi Firewall
  10. vCloud Networking and Security
  11. Edge
  12. App Firewall
  13. VXLAN
  14. Data Security
  15. vCloud Ecosystem Framework
  16. vCenter Native Controls
  17. Single Sign-On
  18. High Availability
  19. Distributed Resource Scheduler
  20. vSphere Data Protection
  21. vSphere Replication
  22. Disaster Recovery Options

Chapter 5 – vNetwork Native Controls

  1. vSwitch Native Controls
  2. DvSwitch Native Controls
  3. How traffic routes
  4. Forged Packets
  5. VLANs
  6. PVLANs
  7. App Firewall

Chapter 6 – vStorage Security

  1. Understanding Storage within the Virtual Architecture
  2. Native Controls
  3. Storage Capabilities based on Versions
  4. Storage I/O Control
  5. vSphere Storage API’s
  6. All Paths Down and Permanent Device Loss
  7. Storage Profiles, Clusters and DRS
  8. Fiber Channel Security
  9. iSCSI Security
  10. NAS Security

Chapter 7 – Third Party Mitigation Solutions

  1. Catbird
  2. Cisco Adaptive Security Virtual Appliance
  3. Firefly Host – Juniper Networks Product
  4. HyTrust
  5. Sophos Endpoint Antivirus – Cloud
  6. Reflex VMC
  7. TrendMicro Deep Security
  8. WatchGuard

Chapter 8 – Assessing and Remediating

  1. Assessment Program Objectives
  2. Assessment Program Scope
  3. Prerequisites and Reliance
  4. Assessment Skills Requirement

Chapter 9 – Hardening the Virtual Machines

  1. The Basics
  2. Making best use of Templates
  3. Isolating the VM
  4. Managing Resources
  5. Advanced Settings
  6. Preventing Known Risks
  7. Auditing the VM
  8. Endpoint Security

Chapter 10 – Hardening the Host

  1. The Basics
  2. Managing Users
  3. DCUI Management
  4. Managing Access to Host
  5. Firewall Best Practices
  6. Advanced Settings
  7. vNetwork Hardening
  8. vStorage Hardening
  9. Managing Certificates

Chapter 11 – Hardening vCenter

  1. The Basics
  2. Controlling Access
  3. Managing Plug-Ins
  4. Converter
  5. Update Manager
  6. vCLI
  7. And Others
  8. Managing Certificates
  9. vCert Manager
  10. Using the App Firewall

Appendix – Additional Products only covered in extended hour’s delivery (Bootcamp Format)

  1. vCloud Native Controls
  2. How vCloud functions with vSphere
  3. Roles and Permissions
  4. Tenant and Landlord Controls
  5. vNetwork Controls
  6. vStorage Controls
  7. vApp Controls
  8. Compliance and vCenter Configuration Manager
  9. Overview of Compliance
  10. How Configuration Manager Helps
  11. Key components
  12. Free Compliance Checking Tools
  13. Additional vCloud Networking Deep Dive
  14. Edge
  15. VXLAN
  16. Data Security