
VMware vSphere and Virtual Infrastructure Security: Securing the Virtual Environment


ISBN-10: 0137158009

ISBN-13: 9780137158003

Edition: 2009

Authors: Edward L. Haletky

List price: $54.99

Book details

Copyright year: 2009
Publisher: Prentice Hall PTR
Publication date: 6/22/2009
Binding: Paperback
Pages: 552
Size: 7.25" wide x 9.75" long x 1.25" tall
Weight: 1.980
Language: English

Edward L. Haletky graduated from Purdue University in 1988 with a degree in Aeronautical and Astronautical Engineering. Since then, he has worked programming graphics and other low-level libraries on various UNIX platforms. He currently works for Hewlett-Packard in the High Performance Technical Computing Expert Team, dealing with Tru64 and Linux clustering technologies, as well as general Linux and VMware environments. Edward has also published articles about interoperability, clustering, and security issues for Linux. Background: Assist customers in solving Compaq Tru64 UNIX and Linux operating system, compiler, shell, and application-related issues. Assist customers in the programming…

What Is a Security Threat?
The 10,000 Foot View without Virtualization
The 10,000 Foot View with Virtualization
Applying Virtualization Security
Definitions
Threat
Vulnerability
Fault
The Beginning of the Journey
Holistic View from the Bottom Up
Attack Goals
Anatomy of an Attack
Footprinting Stage
Scanning Stage
Enumeration Stage
Penetration Stage
Types of Attack
Buffer Overflows
Heap Overflows
Web-Based Attacks
Layer 2 Attacks
Layer 3 Nonrouter Attacks
DNS Attacks
Layer 3 Routing Attacks
Man in the Middle Attack (MiTM)
Conclusion
Understanding VMware vSphere™ and Virtual Infrastructure Security
Hypervisor Models
Hypervisor Security
Secure the Hardware
Secure the Management Appliance
Secure the Hypervisor
Secure the Management Interfaces
Secure the Virtual Machine
Conclusion
Storage and Security
Storage Connections within the Virtual Environment
Storage Area Networks (SAN)
Network Attached Storage (NAS)
Internet SCSI (iSCSI) Servers
Virtual Storage Appliances
Storage Usage within the Virtual Environment
VM Datastore
Ancillary File Store
Backup Store
Tape Devices
Storage Security
Data in Motion
Data at Rest
Storage Security Issues
VCB Proxy Server
SCSI reservations
Fibre Channel SAN (Regular or NPIV)
iSCSI
NFS
CIFS for Backups
Shared File Access over Secure Shell (SSH) or Secure Copy Use
FTP/R-Command Usage
Extents
Conclusion
Clustering and Security
Types of Clusters
Standard Shared Storage
RAID Blade
VMware Cluster
Virtual Machine Clusters
Security Concerns
Heartbeats
Isolation
VMware Cluster Protocols
VMware Hot Migration Failures
Virtual Machine Clusters
Management
Conclusion
Deployment and Management
Management and Deployment Data Flow
VIC to VC (Including Plug-Ins)
VIC to Host
VC webAccess
ESX(i) webAccess
VI SDK to VC
VI SDK to Host
RCLI to Host
RCLI to VC
SSH to Host
Console Access
Lab Manager
Site Manager
LifeCycle Manager
AppSpeed
CapacityIQ
VMware Update Manager
Management and Deployment Authentication
Difference Between Authorization and Authentication
Mitigating Split-Brain Authorization and Authentication
Security of Management and Deployment Network
Using SSL
Using IPsec
Using Tunnels
Using Deployment Servers
Security Issues during Management and Deployment
VIC Plug-ins
VMs on the Wrong Network
VMs or Networks Created Without Authorization
VMs on the Wrong Storage
VMs Assigned to Improper Resource Pools
Premature Propagation of VMs from Quality Assurance to Production
Physical to Virtual (P2V) Crossing Security Zones
Conclusion
Operations and Security
Monitoring Operations
Host Monitoring
Host Configuration Monitoring
Performance Monitoring
Virtual Machine Administrator Operations
Using the Wrong Interface to Access VMs
Using the Built-in VNC to Access the Console
Virtual Machine Has Crashed
Backup Administrator Operations
Service Console Backups
Network Backups
Direct Storage Access Backups
Virtual Infrastructure Administrator Operations
Using Tools Across Security Zones
Running Commands Across All Hosts
Management Roles and Permissions Set Incorrectly
Conclusion
Virtual Machines and Security
The Virtual Machine
Secure the Virtual Hardware
Secure the Guest OS and Application
Secure the Hypervisor Interaction Layer
Virtual Machine Administration
Virtual Machine Creation
Virtual Machine Modification
Virtual Machine Deletion
Conclusion
Virtual Networking Security
Virtual Networking Basics
Basic Connections
802.1q or VLAN Tagging
Security Zones
Standard Zones
Best Practices
Virtualization Host with Single or Dual pNIC
Three pNICs
Four pNICs
Five pNICs
Six pNICs
Eight pNICs
Ten pNICs
pNIC Combination Conclusion
Cases
DMZ on a Private vSwitch
Use of Virtual Firewall to Protect the Virtualization Management Network
VMware as a Service
Tools
Intrusion Detection and Prevention
Auditing Interfaces
Conclusion
Virtual Desktop Security
What Is VDI?
Components
VDI Products
VDM
VDM's Place in the Network
The VDM Connection Server
The VDM Client
The VDM Web Access Client
The VDM Agent for Virtual Desktops
Security Implications
VMware View
Linked Clones: What Are They and How Do They Change Security?
Storage Overcommit
Overview of Linked Clones
Protecting the VC
Offline Desktops
SSL in a VDM or View Environment
Secure VDI Implementation
Secure the Virtual Desktop
Conclusion
Security and VMware ESX
VMware ESXi Hardening Recipe
VMware ESX Hardening Recipe
Root Password
Shadow Password
IPtables Firewall
Lockdown by Source IP
Run Security Assessments
Apply Hardening per Assessments
Additional Auditing Tools
Conclusion
Digital Forensics and Data Recovery
Data Recovery
Data Recovery-Host Unavailable
Data Recovery-Corrupt LUN
Data Recovery-Re-create LUN
Data Recovery-Re-create Disk
Digital Forensics
Digital Forensics-Acquisition
Digital Forensics-Analysis
Digital Forensics-Who Did What, When, Where, and How?
Conclusion
Conclusion: Just the Beginning: The Future of Virtualization Security
Patches to Bastille Tool
Security Hardening Script
Assessment Script Output
CIS-CAT Output
Bastille-Linux Output
DISA STIG Output
Tripwire ConfigCheck Output
Suggested Reading and Useful Links
Books
Whitepapers
Products
Useful Links
Glossary
Index