Skip to content

Vmware Vsphere and Virtual Infrastructure Security Securing the Virtual Environment

Spend $50 to get a free DVD!

ISBN-10: 0137158009

ISBN-13: 9780137158003

Edition: 2009

Authors: Edward L. Haletky

List price: $54.99
Shipping box This item qualifies for FREE shipping.
Blue ribbon 30 day, 100% satisfaction guarantee!
what's this?
Rush Rewards U
Members Receive:
Carrot Coin icon
XP icon
You have reached 400 XP and carrot coins. That is the daily max!

Customers also bought

Book details

List price: $54.99
Copyright year: 2009
Publisher: Prentice Hall PTR
Publication date: 6/22/2009
Binding: Paperback
Pages: 552
Size: 7.25" wide x 9.75" long x 1.25" tall
Weight: 1.980
Language: English

Edward L. Haletky graduated from Purdue University in 1988 with a degree in Aeronautical and Astronautical Engineering. Since then, he has worked programming graphics and other low-level libraries on various UNIX platforms. He currently works for Hewlett-Packard in the High Performance Technical Computing Expert Team, dealing with Tru64 and Linux Clustering technologies, as well as general Linux and VMware environments. Edward has also published articles about interoperability, clustering, and security issues for Linux. Background: Assist customers in solving Compaq Tru64 UNIX, and LINUX Operating System, compiler, shell, and application related issues. Assist customers in the programming…    

What Is a Security Threat?
The 10,000 Foot View without Virtualization
The 10,000 Foot View with Virtualization
Applying Virtualization Security
The Beginning of the Journey
Holistic View from the Bottom Up
Attack Goals
Anatomy of an Attack
Footprinting Stage
Scanning Stage
Enumeration Stage
Penetration Stage
Types of Attack
Buffer Overflows
Heap Overflows
Web-Based Attacks
Layer 2 Attacks
Layer 3 Nonrouter Attacks
DNS Attacks
Layer 3 Routing Attacks
Man in the Middle Attack (MiTM)
Understanding VMware vSphere<sup>TM</sup> and Virtual Infrastructure Security
Hypervisor Models
Hypervisor Security
Secure the Hardware
Secure the Management Appliance
Secure the Hypervisor
Secure the Management Interfaces
Secure the Virtual Machine
Storage and Security
Storage Connections within the Virtual Environment
Storage Area Networks (SAN)
Network Attached Storage (NAS)
Internet SCSI (iSCSI) Servers
Virtual Storage Appliances
Storage Usage within the Virtual Environment
VM Datastore
Ancillary File Store
Backup Store
Tape Devices
Storage Security
Data in Motion
Data at Rest
Storage Security Issues
VCB Proxy Server
SCSI reservations
Fibre Channel SAN (Regular or NPIV)
CIFS for Backups
Shared File Access over Secure Shell (SSH) or Secure Copy Use
FTP/R-Command Usage
Clustering and Security
Types of Clusters
Standard Shared Storage
RAID Blade
VMware Cluster
Virtual Machine Clusters
Security Concerns
VMware Cluster Protocols
VMware Hot Migration Failures
Virtual Machine Clusters
Deployment and Management
Management and Deployment Data Flow
VIC to VC (Including Plug-Ins)
VIC to Host
VC webAccess
ESX(i) webAccess
VI SDK to Host
RCLI to Host
SSH to Host
Console Access
Lab Manager
Site Manager
LifeCycle Manager
VMware Update Manager
Management and Deployment Authentication
Difference Between Authorization and Authentication
Mitigating Split-Brain Authorization and Authentication
Security of Management and Deployment Network
Using SSL
Using IPsec
Using Tunnels
Using Deployment Servers
Security Issues during Management and Deployment
VIC Plug-ins
VMs on the Wrong Network
VMs or Networks Created Without Authorization
VMs on the Wrong Storage
VMs Assigned to Improper Resource Pools
Premature Propagation of VMs from Quality Assurance to Production
Physical to Virtual (P2V) Crossing Security Zones
Operations and Security
Monitoring Operations
Host Monitoring
Host Configuration Monitoring
Performance Monitoring
Virtual Machine Administrator Operations
Using the Wrong Interface to Access VMs
Using the Built-in VNC to Access the Console
Virtual Machine Has Crashed
Backup Administrator Operations
Service Console Backups
Network Backups
Direct Storage Access Backups
Virtual Infrastructure Administrator Operations
Using Tools Across Security Zones
Running Commands Across All Hosts
Management Roles and Permissions Set Incorrectly
Virtual Machines and Security
The Virtual Machine
Secure the Virtual Hardware
Secure the Guest OS and Application
Secure the Hypervisor Interaction Layer
Virtual Machine Administration
Virtual Machine Creation
Virtual Machine Modification
Virtual Machine Deletion
Virtual Networking Security
Virtual Networking Basics
Basic Connections
802.1q or VLAN Tagging
Security Zones
Standard Zones
Best Practices
Virtualization Host with Single or Dual pNIC
Three pNICs
Four pNICs
Five pNICs
Six pNICs
Eight pNICs
Ten pNICs
pNIC Combination Conclusion
DMZ on a Private vSwitch
Use of Virtual Firewall to Protect the Virtualization Management Network
VMware as a Service
Intrusion Detection and Prevention
Auditing Interfaces
Virtual Desktop Security
What Is VDI?
VDI Products
VDM's Place in the Network
The VDM Connection Server
The VDM Client
The VDM Web Access Client
The VDM Agent for Virtual Desktops
Security Implications
VMware View
Linked Clones: What Are They and How Do They Change Security?
Storage Overcommit
Overview of Linked Clones
Protecting the VC
Offline Desktops
SSL in a VDM or View Environment
Secure VDI Implementation
Secure the Virtual Desktop
Security and VMware ESX
VMware ESXi Hardening Recipe
VMware ESX Hardening Recipe
Root Password
Shadow Password
IPtables Firewall
Lockdown by Source IP
Run Security Assessments
Apply Hardening per Assessments
Additional Auditing Tools
Digital Forensics and Data Recovery
Data Recovery
Data Recovery-Host Unavailable
Data Recovery-Corrupt LUN
Data Recovery-Re-create LUN
Data Recovery-Re-create Disk
Digital Forensics
Digital Forensics-Acquisition
Digital Forensics-Analysis
Digital Forensics-Who Did What, When, Where, and How?
Conclusion: Just the Beginning: The Future of Virtualization Security
Patches to Bastille Tool
Security Hardening Script
Assessment Script Output
CIS-CAT Output
Bastille-Linux Output
Tripwire ConfigCheck Output
Suggested Reading and Useful Links
Useful Links