Virtualization Security: Protecting Virtualized Environments [NOOK Book]


NOOK Book (eBook)
BN.com price: $28.49 (Save 43%)
List price: $49.99

Overview

The essential guide to protecting your virtualized systems

Securing virtual environments is not the same as securing physical environments—the stakes are higher and the process is more complicated. With different architectural models, new attack vectors, and new security controls to implement and tune, virtualization dramatically changes the security playing field.

Discover the best practices for securing your virtualized systems with this detailed guide. Author Dave Shackleford is a well-known security expert who brings you up to speed on the technologies and strategies you should know and shows you how to properly secure virtual environments.

This essential guide includes:

  • A thorough overview of virtualization security—actual and theoretical threats

  • Step-by-step processes for securing the three leading hypervisors—VMware vSphere and ESXi, Microsoft Hyper-V®, and Citrix XenServer®

  • Smart ways to design virtual networks to be more secure from the outset

  • Effective strategies for integrating new virtual network layers into existing physical infrastructures

  • Securing virtual machines (VMs), especially against VM-focused attacks

  • Proper logging and auditing management for virtual environments

  • Managing change and configuration with new policies and processes that take into consideration virtualization security

  • Tips and tricks for improving disaster recovery and business continuity

  • Leveraging Virtual Desktop Infrastructure (VDI) for security, as well as considerations for securing Storage Virtualization and Application Virtualization


Product Details

  • ISBN-13: 9781118331514
  • Publisher: Wiley
  • Publication date: 11/8/2012
  • Sold by: Barnes & Noble
  • Format: eBook
  • Edition number: 1
  • Pages: 360
  • File size: 21 MB

Meet the Author

Dave Shackleford is founder and Principal Consultant with Voodoo Security, Senior Vice President of Research and CTO at IANS, and a SANS senior instructor and course author. He has consulted with hundreds of organizations in the areas of security, regulatory compliance, and network architecture and engineering. He is a VMware vExpert and has extensive experience designing and configuring secure virtualized infrastructures. Recently, Dave coauthored the first published course on virtualization security for the SANS Institute. He currently serves on the board of directors at the SANS Technology Institute and helps lead the Atlanta chapter of the Cloud Security Alliance.


Table of Contents

Introduction

Chapter 1 Fundamentals of Virtualization Security
Virtualization Architecture
Threats to a Virtualized Environment
Operational Threats
Malware-Based Threats
VM Escape
Vulnerabilities in Virtualization Platforms
How Security Must Adapt to Virtualization
Challenges for Securing Virtualized Environments
Challenges of Vulnerability Testing in a Virtualized Environment

Chapter 2 Securing Hypervisors
Hypervisor Configuration and Security
Configuring VMware ESXi
Patching VMware ESXi
Securing Communications in VMware ESXi
Change and Remove Default Settings on VMware ESXi
Enable Operational Security on VMware ESXi
Secure and Monitor Critical Configuration Files in VMware ESXi
Secure Local Users and Groups on VMware ESXi
Lock Down Access to Hypervisor Console
Configuring Microsoft Hyper-V on Windows Server 2008
Patching Hyper-V
Securing Communications with Hyper-V
Changing Hyper-V Default Settings
Enabling Operational Security for Hyper-V
Securing and Monitoring Critical Configuration Files for Hyper-V
Secure Local Hyper-V Users and Groups
Lock Down Access to the Hyper-V Hypervisor Platform
Configuring Citrix XenServer
Patching XenServer
Secure Communications with XenServer
Change XenServer Default Settings
Enabling XenServer Operational Security
Secure and Monitor Critical XenServer Configuration Files
Secure Local Users and Groups
Lock Down Access to the XenServer Platform

Chapter 3 Designing Virtual Networks for Security
Comparing Virtual and Physical Networks
Virtual Network Design Elements
Physical vs Virtual Networks
Virtual Network Security Considerations
Important Security Elements
Architecture Considerations
Configuring Virtual Switches for Security
Defining Separate vSwitches and Port Groups
Configuring VLANs and Private VLANs for Network Segmentation
Limiting Virtual Network Ports in Use
Implementing Native Virtual Networking Security Policies
Securing iSCSI Storage Network Connections
Integrating with Physical Networking

Chapter 4 Advanced Virtual Network Operations
Network Operational Challenges
Network Operations in VMware vSphere
Load Balancing in vSphere Virtual Environments
Traffic Shaping and Network Performance in VMware vSphere
Creating a Sound Network Monitoring Strategy in VMware vSphere
Network Operations in Microsoft Hyper-V
Load Balancing in Hyper-V Virtual Environments
Traffic Shaping and Network Performance in Hyper-V
Creating a Sound Network Monitoring Strategy in Hyper-V
Network Operations in Citrix XenServer
Load Balancing in XenServer Virtual Environments
Traffic Shaping and Network Performance in XenServer
Creating a Sound Network Monitoring Strategy in XenServer

Chapter 5 Virtualization Management and Client Security
General Security Recommendations for Management Platforms
Network Architecture for Virtualization Management Servers
VMware vCenter
vCenter Service Account
Secure Communications in vCenter
vCenter Logging
Users, Groups, and Roles in vCenter
Role Creation Scenarios
vSphere Client
Microsoft System Center Virtual Machine Manager
SCVMM Service Account
Secure Communications with SCVMM
SCVMM Logging
Users, Groups, and Roles in SCVMM
Client Security
Citrix XenCenter
Secure Communication with XenCenter
Logging with XenCenter
Users, Groups, and Roles in XenCenter

Chapter 6 Securing the Virtual Machine
Virtual Machine Threats and Vulnerabilities
Virtual Machine Security Research
Stealing Guests
Cloud VM Reconnaissance
Virtual Disk Manipulation
Virtual Machine Encryption
Locking Down VMware VMs
VMware Tools
Copy/Paste Operations and HGFS
Virtual Machine Disk Security
VM Logging
Device Connectivity
Guest and Host Communications
Controlling API Access to VMs
Unexposed Features
Locking Down Microsoft VMs
Locking Down XenServer VMs

Chapter 7 Logging and Auditing
Why Logging and Auditing Is Critical
Virtualization Logs and Auditing Options
Syslog
Windows Event Log
VMware vSphere ESX Logging
VMware vSphere ESXi Logging
Microsoft Hyper-V and SCVMM Logging
Citrix XenServer and XenCenter Logging
Integrating with Existing Logging Platforms
Enabling Remote Logging on VMware vSphere
Enabling Remote Logging on Microsoft Hyper-V
Enabling Remote Logging for XenServer
Effective Log Management

Chapter 8 Change and Configuration Management
Change and Configuration Management Overview
Change Management for Security
The Change Ecosystem
How Virtualization Impacts Change and Configuration Management
Best Practices for Virtualization Configuration Management
Cloning and Templates for Improved Configuration Management
Creating and Managing VMware vSphere VM Templates and Snapshots
Creating and Managing Microsoft Hyper-V VM Templates and Snapshots
Creating and Managing Citrix XenServer VM Templates and Snapshots
Integrating Virtualization into Change and Management
Additional Solutions and Tools

Chapter 9 Disaster Recovery and Business Continuity
Disaster Recovery and Business Continuity Today
Shared Storage and Replication
Virtualization Redundancy and Fault Tolerance for DR/BCP
Clustering
Resource Pools
High Availability and Fault Tolerance
Setting Up High Availability and Fault Tolerance in VMware vSphere
Setting Up High Availability and Fault Tolerance in Microsoft Hyper-V
Setting Up High Availability and Fault Tolerance in Citrix XenServer

Chapter 10 Scripting Tips and Tricks for Automation
Why Scripting Is Essential for Admins
VMware Scripting: Power CLI and vCLI
Scripting with PowerCLI
Configuring VMs with PowerCLI
Configuring VMs with vCLI
Configuring VMware ESXi with PowerCLI
Configuring VMware ESXi with the vCLI
Configuring VMware Virtual Networks with PowerCLI
Configuring VMware Virtual Networks with the vCLI
Configuring VMware vCenter with PowerCLI
Microsoft Scripting for Hyper-V: PowerShell
Getting Information about VMs
Getting Information about the Virtual Network
Assessing Other Aspects of the Virtual Environment
Citrix Scripting: Shell Scripts

Chapter 11 Additional Security Considerations for Virtual Infrastructure
VDI Overview
VDI Benefits and Drawbacks: Operations and Security
Security Advantages and Challenges
VDI Architecture Overview
Leveraging VDI for Security
Storage Virtualization
Application Virtualization

Index
