Summary
5 days
A critical and often overlooked aspect of migrating to a virtualized environment is security and setting up security properly. Like physical machines, virtualization technologies are not secure “out of the box” and VMware is no exception. The Advanced VMware Security course focuses on “where the vulnerabilities lie” and how to reduce the attack surfaces in the virtualized environment.
This course goes beyond the typical security protocols administrators use to secure their environments and delves much deeper into the actual working (and shortcomings) of the VMware environment. Students will take a 360 degree look at the potential threats, how to defend and defeat them, and establish a solid foundation to build secure virtual data centers from the ground up.
Course Summary
- Learn the actual internal workings of VMware, and compare them to physical and virtual devices
- Discover how to securely set up port groups and VLANs
- Understand the aspects of securing failover configurations
- Distinguish between denial-of-service failovers, wide-open failovers and closed failovers
- Dive deep into the different layers of security and explore features, including how traffic routes between VMs and different hosts, the common denominators of physical and virtual environments, and how to make the virtual environment the most secure
- Walk away knowing how to secure a VMware environment in a DMZ and how to protect yourself from the common vulnerabilities of VMware attack surfaces, seen through the eyes of an attacker
- Receive in-depth information on how to harden your ESX environment, and comprehensively understand all aspects of how to do that
- Demonstrate proficiency in class by working on a state-of-the-art data center and performing hands-on labs that reinforce the learning objectives
- Course developed and taught by a Licensed Penetration Tester who has a long history of vulnerability audits with US National Security Teams and audits of many foreign governments
- Designed and taught from the perspective of how an attacker would get into your virtual environment, by an attacker who has done JUST THAT!
Who Should Attend
System Administrators and Security Administrators using virtualization software.
Prerequisites
- Course VMW01 VMware vSphere 4.1 Ultimate Boot Camp or equivalent knowledge and experience
Chapter 1 - Primer and Reaffirming Our Knowledge
- ESX Networking Components
- Virtual Ethernet Adapters and How They Work
- Virtual Switches and How They Work
- VMsafe
- Virtual Switch vis-à-vis Physical Switch
- Why the Spanning Tree Protocol is Superfluous
- What are Virtual Ports and Why Should We Be Concerned?
- VMware So-Called “Uplink Ports” and Their Interaction with the Physical Equivalent
- Concept of Port Groups - They are Out of This (Physical) World!
- Virtual Switch Correctness
- VLANs in VMware Infrastructure
- NIC Teaming
- Load Balancing
- Failover Configurations
- Layer Security Features
- Managing the Virtual Network with “vCenter”
- Cryptography and Certificates
- Symmetric vs. Asymmetric Encryption
- Hashing
- Digital Signatures
- Breaking SSL Traffic to and from the VIC
- UNIX File System Structure
- Kernel Processes
- When Do the Processes Start?
- Starting and Stopping Processes
- Interacting with Processes
- Accounts and Groups
- Password and Shadow File Formats
- Linux and UNIX Permissions
- Set UID Programs
- Logs and Auditing
Chapter 2 - Routing and the Security Design of VMware
- Security of Routing Data
- How Traffic is Routed between Virtual Machines on ESX Hosts
- Different vSwitches, Same Port Group and VLAN
- Same vSwitch, Different Port Group and VLAN
- Same vSwitch, Same Port Group and VLAN
- Security Design of the “VMware Infrastructure Architecture”
- VMware Infrastructure Architecture and Security Features
- Virtualization Layer
- CPU Virtualization
- Buffer Overflow
- Memory Virtualization
- Virtual Machines
- Service Console
- Virtual Networking Layer
- Virtual Switches
- Virtual Switch LANs
- Virtual Ports
- Virtual Network Adapters
- Virtual Switch Isolation
- Virtual Switch Correctness
- Virtualized Storage
- SAN Security
- VMware Virtual Center
Chapter 3 - Remote DataStore Security
- Fiber Channel Architecture
- Mask and Zone SAN Resources
- LUN Masking
- SAN Zoning
- Port Zoning
- Hard and Soft Zoning
- WWN Zoning
- FCAP, FCPAP
- DH-CHAP
- Switch Link
- Fiber Channel – Security Protocol
- ESP over Fiber Channel
- Attacking Fiber Channel
- Securing Fiber Channel
- iSCSI vs Fiber Channel
- iSCSI Architecture
- iSCSI Security Features
- Securing iSCSI SANs
Chapter 4 - Penetration Testing 101
- What is a Penetration Test?
- Benefits of a Penetration Test
- What is the Cost of a Hack?
- Current Issues
- Malware/Virus
- Active Zombies
- Active Botnets
- Identity Theft
- Social Engineering, Exploits and Chained Exploits
- Chained Exploit Example
- The Evolving Threat
- Pen Testing Methodology
- Types of Pen Tests
- Website Review
- Common Management Errors
- It’s Not Just About the Tools!
Chapter 5 - Information Gathering, Scanning and Enumeration
- What Information Does the Hacker Gather?
- Methods of Obtaining Information
- Footprinting Defined
- Maltego
- Firefox Add-Ons
- Google Hacking
- Introduction to Port Scanning
- Port Scanning Tools
- NMAP
- TCP Connect Port Scan
- Half-Open Scan
- Firewalled Ports
- Service Version Detection
- Additional NMAP Scans
- UDP Scans
- Enumeration Overview
- Web Server Banner Grabbing
- Telnet
- SuperScan
- SMTP Server Banner
- DNS Enumeration
- Zone Transfers
- Backtrack Tools
- Active Directory Enumeration
- LDAPminer
- Null Sessions
- Enumeration with Cain and Abel
- NAT Dictionary Attack Tool
- THC-Hydra
- Cool Stuff with Cain
Chapter 6 - Penetration Testing and the Tools of the Trade
- Vulnerabilities in Network Services
- Vulnerability Assessment Scanners
- Nessus
- Saint
- Windows Password Cracking
- Syskey Encryption
- Cracking Techniques
- Cryptanalysis
- Disabling Auditing
- Clearing the Event Log
- Alternate Data Streams
- Stream Explorer
- Encrypted Tunnels
- Port Monitoring Software
- Rootkits
- Metasploit
- Fuzzers
- SaintExploit and Core Impact
- Penetration Testing Tool Comparison
- Wireshark
- ARP Cache Poisoning
- Cain and Abel
- Ettercap
Chapter 7 - DMZ Virtualization and Common Attack Vectors
- Virtualized DMZ Networks
- Typical Virtualized DMZ
- Three Typical Virtualized DMZ Configurations
- Partially Collapsed DMZ with Separate Physical Trust Zones
- Partially Collapsed DMZ with Virtual Separation of Trust Zones
- Fully Collapsed DMZ
- Best Practices for Achieving a Secure Virtualized DMZ Deployment
- Harden and Isolate the Service Console
- Clearly Label Networks for Each Zone within the DMZ
- Set Layer Security Options on Virtual Switches
- Enforce Separation of Duties
- Use ESX Resource Management Capabilities
- Regularly Audit Virtualized DMZ Configuration
- How We Understand Fake Certificate Injection to Work
- Generic TLS Renegotiation Prefix Injection Vulnerability
- Abuses of Renegotiation
  - Summary – By Protocol
  - Summary – By Application
- Renegotiation Solutions
- Testing for a Renegotiation Vulnerability
- Renegotiation Vulnerability Requirements
- Renegotiation Example
- Patched Server with Disabled Renegotiation
- GuestStealer
Chapter 8 - Hardening Your ESX Server
- Hardening Your ESX Server
- ESX Best Practices
- Virtual Machines
- Secure Virtual Machines as You Would Secure Physical Machines
- Disable Unnecessary or Superfluous Functions
- Take Advantage of Templates
- Prevent Virtual Machines from Taking Over Resources
- Isolate Virtual Machine Networks
- VM Segmentation
- Minimize Use of the VI Console
- Virtual Machine Files and Settings
- Disable Copy and Paste Operations Between the Guest Operating System and Remote Console
- Limit Data Flow From the Virtual Machine to the Datastore
- SetInfo Hazard
- Do Not Use Nonpersistent Disks
- Ensure Unauthorized Devices are Not Connected
- Prevent Unauthorized Removal or Connection of Devices
- Avoid Denial of Service Caused by Virtual Disk Modification Operations
- Specify the Guest Operating System Correctly
- Verify Proper File Permissions for Virtual Machine Files
- Configuring the Service Console in ESX
- Configure the Firewall for Maximum Security
- Limit the Software and Services Running in the Service Console
- Use VI Client and vCenter to Administer the Hosts Instead of Service Console
- Use a Directory Service for Authentication
- Strictly Control Root Privileges
- Control Access to Privileged Capabilities
- Establish a Password Policy for Local User Accounts
- ESX/Linux User Authentication
- Configuring ESX Authentication
- ESX Authentication Settings
- Do Not Manage the Service Console as if It Were a Linux Host
- Maintain Proper Logging
- ESX Log File Locations
- ESX Log Files
- Establish and Maintain File System Integrity
- Secure the SNMP Configuration
- Protect against the Root File System Filling Up
- Disable Automatic Mounting of USB Devices
- Configuring the ESX/ESXi Host
- Isolate the Infrastructure-Related Networks
- Configure Encryption for Communication between Clients and ESX/ESXi
- Label Virtual Networks Clearly
- Do Not Create a Default Port Group
- Do Not Use Promiscuous Mode on Network Interfaces
- Protect against MAC Address Spoofing
- Secure the ESX/ESXi Host Console
- Mask and Zone SAN Resources Appropriately
- Secure iSCSI Devices Through Authentication
Chapter 9 - Hardening your ESXi Server
- ESXi Best Practices
- Configuring Host-Level Management in ESXi
- Strictly Control Root Privileges
- Control Access to Privileged Capabilities
- Maintain Proper Logging
- Establish and Maintain Configuration File Integrity
- Secure the SNMP Configuration
- Ensure Secure Access to CIM
- Audit or Disable Technical Support Mode
Chapter 10 - Hardening your vCenter Server
- vCenter
- Set Up the Windows Host for vCenter with Proper Security
- Limit Administrative Access
- Limit Network Connectivity to vCenter
- Use Proper Security Measures when Configuring the Database for vCenter
- Enable Full and Secure Use of Certificate-Based Encryption
- vCenter Server Certificates Replacement
- Pre-Installation, During Installation, Post-Installation
- vCenter Log Files and Rotation
- Collecting vCenter Log Files
- Use vCenter Custom Roles
- Document and Monitor Changes to the Configuration
- vCenter Add-on Components
- VMware Update Manager
- VMware Converter Enterprise
- VMware Guided Consolidation
- General Considerations
- Client Components
- Restrict the Use of Linux-Based Clients
- Verify the Integrity of VI Client
- Monitor the Usage of VI Client Instances
- Avoid the Use of Plain-Text Passwords
- vShield Zones
- vShield VM Flow Features
Chapter 11 - 3rd Party Migration Tools
- 3rd Party Products
- Virtualization: Greater Flexibility, Diminished Control
- Altor
- Catbird (* Author’s Pick)
- HyTrust (* Author’s Pick)
- Reflex
- Trend Micro
- Tripwire
- Catbird – In-Depth Look (* Author’s Pick)
- Understanding Compliance Scope
- HyTrust – In-Depth Look (* Author’s Pick)
- Key Capabilities
- What’s Missing?
- Making Sense of It All