VMware Security Briefing. Rob Randell, CISSP Senior Security Specialist SE

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "VMware Security Briefing. Rob Randell, CISSP Senior Security Specialist SE"

Transcription

1 VMware Security Briefing Rob Randell, CISSP Senior Security Specialist SE

2 Agenda Security Advantages of Virtualization Security Concepts in Virtualization Architecture Operational Security Issues with Virtualization Future of Virtualization Security 2

3 Security Advantages of Virtualization Better Forensics Capabilities Faster Recovery After an Attack Patching is Safer and More Effective Better Control Over Desktop Resources More Cost Effective Security Devices 3

4 Security Concepts in Architecture Extended Computing Stack (Hypervisor) Guest Isolation Host Visibility from the Guest Greater co-location of data and assets on one box Management Interfaces Service Console VirtualCenter Hosted vs. Bare Metal 4

5 Security Concepts: Extended Computing Stack and Guest Isolation Standard x86 VMware ESX Hypervisor VMware Confidential/Proprietary Copyright 2006 VMware, Inc. All rights reserved. 5

6 Are there any Hypervisor Attack Vectors? There are currently no known hypervisor attack vectors to date that have lead to VM Escape Architectural Vulnerability Designed specifically with Isolation in Mind Software Vulnerability Possible like with any code written by humans Small Code Footprint of Hypervisor (~32MB) Makes it Easier to Audit Depends on VMware Security Response and Patching If a software vulnerability is found, exploit difficulty will be very high Commonly cited: Blue Pill, SubVirt These are NOT hypervisor vulnerabilities, Use the concept of a hypervisor to create advanced malware These can only affect non-virtualized operating systems 6

7 VMware Architecture: Isolation and Containment VMM Security Design Highlights Privileged instructions within a VM are de-privileged and run within an isolated virtual memory space VMs have no direct access to hardware, only have visibility to virtual devices VMs can only communicate with each other through Virtual Switches Resource reservations and limits guarantees performance isolation OS and applications within a VM run as is with no modification (hence no recertification required) VMM Production Use Proof Points CC EAL 4+ certification ESX and VC Passed security audit and put into production by the largest Financial Institutions Passed Defense and Security Agencies scrutiny and audit (NetTop and HAP) Large number of customers run mission critical and transaction processing applications 7

8 Security Concepts in Architecture Extended Computing Stack (Hypervisor) Guest Isolation Host Visibility from the Guest Greater co-location of data and assets on one box Management Interfaces Service Console VirtualCenter Hosted vs. Bare Metal 8

9 Greater Collocation of Data on One Box Web Server Database Server PCI Server Domain Controller VMware Confidential/Proprietary Copyright 2006 VMware, Inc. All rights reserved. 9

10 Concern: Virtualizing the DMZ / Mixing Trust Zones Three Primary Configurations: Physical Separation of Trust Zones Virtual Separation of Trust Zone with Physical Security Devices Fully collapsing all servers and security devices into a VI3 infrastructure Also Applies to PCI Requirements 2.2.1, 1.1.x, 6.3.2, and

11 Physical Separation of Trust Zones VMware Confidential/Proprietary Copyright 2006 VMware, Inc. All rights reserved. 11

12 Virtual Separation of Trust Zone with Physical Security Devices VMware Confidential/Proprietary Copyright 2006 VMware, Inc. All rights reserved. 12

13 Full Collapse DMZ in a Box VMware Confidential/Proprietary Copyright 2006 VMware, Inc. All rights reserved. 13

14 Security Concepts in Architecture Extended Computing Stack (Hypervisor) Guest Isolation Host Visibility from the Guest Greater co-location of data and assets on one box Management Interfaces Service Console VirtualCenter Hosted vs. Bare Metal 14

15 Management Interfaces: Service Console Interface for advanced ESX Server Management VMware Confidential/Proprietary Copyright 2006 VMware, Inc. All rights reserved. 15

16 VMware ESXi: The next step in Virtualization Security Unmatched security and reliability: Compact 32MB footprint OS independence means minimal interfaces and a small attack profile Embedded in hardware --- reduces risk of tampering Unstructured Service Console management replaced by controlled API-based management Open ports highly limited. 16

17 Management Interfaces: VirtualCenter VirtualCenter: primary management tool Encrypted communication Integration with global security framework, e.g. Authentication via Active Directory Detailed auditing Extensive roles system for finegrained separation-of-duties Operational Best Practices for maximum security, e.g. Dedicated management network Lock-down of Administrator access 17

18 Security Concepts in Architecture Extended Computing Stack (Hypervisor) Guest Isolation Host Visibility from the Guest Greater co-location of data and assets on one box Management Interfaces Service Console VirtualCenter Hosted vs. Bare Metal 18

19 Hosted Virtualization vs. Bare Metal Virtualization Hosted Virtualization Bare-Metal Virtualization VMware Workstation VMware Server VMware Player Host OS Changes Security Profile Greatly VMware ESX Server VMware Confidential/Proprietary Copyright 2006 VMware, Inc. All rights reserved. 19

20 Common Misconception about VMware Security Hosted Platforms Guest Escape Vulnerabilities Does NOT affect ESX only hosted platforms (Workstation and Server) Not exactly escape nor a hypervisor vulnerability Uses documented communication interface for hosted features such as drag-n-drop, cut n-paste, and shared folders. This communication interface can be disabled (on by default) 20

21 Adapt existing security processes Adapt existing security solutions Operational Security Issues The datacenter becomes much more dynamic and flexible Misconfiguration is #1 Risk 21

22 How do we secure our Virtual Infrastructure? Use the Principles of Information Security Hardening and Lockdown Defense in Depth Authorization, Authentication, and Accounting Separation of Duties and Least Privileges Administrative Controls 22

23 Best Practices References Security Design of the VMware Infrastructure 3 Architecture (http://www.vmware.com/resources/techresources/727) VMware Infrastructure 3 Security Hardening (http://www.vmware.com/vmtn/resources/726) Managing VMware VirtualCenter Roles and Permissions (http://www.vmware.com/resources/techresources/826) DISA STIG and Checklist for VMware ESX (http://iase.disa.mil/stigs/stig/esx_server_stig_v1r1_final.pdf) (http://iase.disa.mil/stigs/checklist/esx_server_checklist_v1r1_30_ap r_2008.pdf) CIS (Center for Internet Security) Benchmark (http://www.cisecurity.org/bench_vm.html) Xtravirt Virtualization Security Risk Assessment (http://www.xtravirt.com/index.php?option=com_remository&itemid= 75&func=fileinfo&id=15) 23

24 The Future of Virtualization Security

25 Leveraging Virtualization To Solve Security Problems Security solutions are facing a growing problem Protection engines do not get complete visibility in and below the OS Protection engines are running in the same context as the malware they are protecting against Even those that are in a safe context, can t see other contexts (e.g. network protection has no host visibility). Virtualization can provide the needed visibility Better Context Provide protection from outside the OS, from a trusted context New Capabilities view all interactions and contexts CPU Memory Network Storage VMware Confidential/Proprietary Copyright 2006 VMware, Inc. All rights reserved. 25

26 Introducing VMsafe Security VM HIPS Firewall IPS/IDS Anti-Virus Security API ESX New security solutions can be developed and integrated into VMware virtual infrastructure Protect the VM by inspection of virtual components (CPU, Memory, Network and Storage) Complete integration and awareness of VMotion, Storage VMotion, HA, etc. Provides an unprecedented level of security for the application and the data inside the VM VMware Confidential/Proprietary Copyright 2006 VMware, Inc. All rights reserved. 26

27 VMsafe APIs API s for all virtual hardware components of the VM CPU/Memory Inspection Inspection of specific memory pages being used by the VM or it applications Knowledge of the CPU state Policy enforcement through resource allocation of CPU and memory pages Networking View all IO traffic on the host Ability to intercept, view, modify and replicate IO traffic from any one VM or all VM s on a single host. Capability to provide inline or passive protection Storage Ability to mount and read virtual disks (VMDK) Inspect IO read/writes to the storage devices Transparent to the device and inline of the ESX Storage stack VMware Confidential/Proprietary Copyright 2006 VMware, Inc. All rights reserved. 27

28 Questions? Rob Randell, CISSP Senior Security Specialist SE

Virtualization Security and Best Practices. Rob Randell, CISSP Senior Security Specialist SE

Virtualization Security and Best Practices. Rob Randell, CISSP Senior Security Specialist SE Virtualization Security and Best Practices Rob Randell, CISSP Senior Security Specialist SE Agenda General Virtualization Concepts Hardware Virtualization and Application Virtualization Types of Hardware

More information

Mitigating Information Security Risks of Virtualization Technologies

Mitigating Information Security Risks of Virtualization Technologies Mitigating Information Security Risks of Virtualization Technologies Toon-Chwee, Wee VMWare (Hong Kong) 2009 VMware Inc. All rights reserved Agenda Virtualization Overview Key Components of Secure Virtualization

More information

Securely Architecting the Internal Cloud. Rob Randell, CISSP Senior Security and Compliance Specialist VMware, Inc.

Securely Architecting the Internal Cloud. Rob Randell, CISSP Senior Security and Compliance Specialist VMware, Inc. Securely Architecting the Internal Cloud Rob Randell, CISSP Senior Security and Compliance Specialist VMware, Inc. Securely Building the Internal Cloud Virtualization is the Key How Virtualization Affects

More information

Sichere Virtualisierung mit VMware

Sichere Virtualisierung mit VMware Sichere Virtualisierung mit VMware Stefan Bohnengel, VMware Harald Speckbrock, RSA Neuss, 12.11.2009 Building The Private Cloud private cloud Flexibility Control Choice your applications your information

More information

Virtualization System Security

Virtualization System Security Virtualization System Security Bryan Williams, IBM X-Force Advanced Research Tom Cross, Manager, IBM X-Force Security Strategy 2009 IBM Corporation Overview Vulnerability disclosure analysis Vulnerability

More information

Architecting and Building a Secure and Compliant Virtual Infrastructure and Private Cloud

Architecting and Building a Secure and Compliant Virtual Infrastructure and Private Cloud Architecting and Building a Secure and Compliant Virtual Infrastructure and Private Cloud Rob Randell, CISSP Principal Systems Engineer Security Specialist Agenda What is the Cloud? Virtualization Basics

More information

Cedric Rajendran VMware, Inc. Security Hardening vsphere 5.5

Cedric Rajendran VMware, Inc. Security Hardening vsphere 5.5 Cedric Rajendran VMware, Inc. Security Hardening vsphere 5.5 Agenda Security Hardening vsphere 5.5 ESXi Architectural Review ESXi Software Packaging The ESXi Firewall ESXi Local User Security Host Logs

More information

VMware ESXi 3.5 update 2

VMware ESXi 3.5 update 2 VMware ESXi 3.5 update 2 VMware ESXi 3.5 Exec Summary What is it? What does it do? What is unique? Who can use it? How do you use it? Next generation, thin hypervisor for FREE Partitions servers to create

More information

Unmasking Virtualization Security. Eric A. Hibbard, CISSP, CISA Hitachi Data Systems

Unmasking Virtualization Security. Eric A. Hibbard, CISSP, CISA Hitachi Data Systems Eric A. Hibbard, CISSP, CISA Hitachi Data Systems SNIA Legal Notice The material contained in this tutorial is copyrighted by the SNIA unless otherwise noted. Member companies and individual members may

More information

Network Segmentation in Virtualized Environments B E S T P R A C T I C E S

Network Segmentation in Virtualized Environments B E S T P R A C T I C E S Network Segmentation in Virtualized Environments B E S T P R A C T I C E S ware BEST PRAC TICES Table of Contents Introduction... 3 Three Typical Virtualized Trust Zone Configurations... 4 Partially Collapsed

More information

Securing your Virtual Datacenter. Part 1: Preventing, Mitigating Privilege Escalation

Securing your Virtual Datacenter. Part 1: Preventing, Mitigating Privilege Escalation Securing your Virtual Datacenter Part 1: Preventing, Mitigating Privilege Escalation Before We Start... Today's discussion is by no means an exhaustive discussion of the security implications of virtualization

More information

BEST PRACTICES. DMZ Virtualization with VMware Infrastructure

BEST PRACTICES. DMZ Virtualization with VMware Infrastructure BEST PRACTICES DMZ Virtualization with ware Infrastructure ware BEST PRACTICES Table of Contents Virtualized DMZ Networks... 3 Three Typical Virtualized DMZ Configurations... 4 Partially Collapsed DMZ

More information

Securing the Journey to the Private Cloud. Dominique Dessy RSA, the Security Division of EMC

Securing the Journey to the Private Cloud. Dominique Dessy RSA, the Security Division of EMC Securing the Journey to the Private Cloud Dominique Dessy RSA, the Security Division of EMC June 2010 Securing the Journey to The Private Cloud The Journey IT Production Business Production IT-As-A-Service

More information

The growing importance of a secure Cloud environment

The growing importance of a secure Cloud environment The growing importance of a secure Cloud environment Jan Tiri jtiri@vmware.com System Engineer, VMware BeLux 2009 VMware Inc. All rights reserved Cloud components Enterprises Cloud Service Providers Private

More information

Keith Luck, CISSP, CCSK Security & Compliance Specialist, VMware, Inc. kluck@vmware.com

Keith Luck, CISSP, CCSK Security & Compliance Specialist, VMware, Inc. kluck@vmware.com 1 Keith Luck, CISSP, CCSK Security & Compliance Specialist, VMware, Inc. kluck@vmware.com Agenda Cloud Computing VMware and Security Network Security Use Case Securing View Deployments Questions 2 IT consumption

More information

Making Data Security The Foundation Of Your Virtualization Infrastructure

Making Data Security The Foundation Of Your Virtualization Infrastructure Making Data Security The Foundation Of Your Virtualization Infrastructure by Dave Shackleford hytrust.com Cloud Under Control P: P: 650.681.8100 Securing data has never been an easy task. Its challenges

More information

Networking for Caribbean Development

Networking for Caribbean Development Networking for Caribbean Development BELIZE NOV 2 NOV 6, 2015 w w w. c a r i b n o g. o r g Virtualization: Architectural Considerations and Implementation Options Virtualization Virtualization is the

More information

managing the risks of virtualization

managing the risks of virtualization managing the risks of virtualization Chris Wraight CA Technologies 28 February 2011 Session Number 8951 abstract Virtualization opens the door to a world of opportunities and well managed virtualization

More information

Virtualization with VMware ESX and VirtualCenter SMB to Enterprise

Virtualization with VMware ESX and VirtualCenter SMB to Enterprise Virtualization with VMware ESX and VirtualCenter SMB to Enterprise Course VM-03 5 Days Instructor-led, Hands-on Course Description This is a 5-day intense introduction to virtualization using VMware s

More information

365 Evans Suite 300 Toronto, Ontario M8Z 1K2 Phone: Fax:

365 Evans Suite 300 Toronto, Ontario M8Z 1K2 Phone: Fax: Course: Virtualization with VMware ESX and VirtualCenter Description: Price: $2,895.00 Category: VMware Duration: 5 days Schedule: Request Dates Outline: This class is a 5-day (optional 4-day) intense

More information

What s New with VMware Virtual Infrastructure

What s New with VMware Virtual Infrastructure What s New with VMware Virtual Infrastructure Virtualization: Industry-Standard Way of Computing Early Adoption Mainstreaming Standardization Test & Development Server Consolidation Infrastructure Management

More information

Larry Wilson Version 1.0 November, 2013. University Cyber-security Program Critical Asset Mapping

Larry Wilson Version 1.0 November, 2013. University Cyber-security Program Critical Asset Mapping Larry Wilson Version 1.0 November, 2013 University Cyber-security Program Critical Asset Mapping Part 3 - Cyber-Security Controls Mapping Cyber-security Controls mapped to Critical Asset Groups CSC Control

More information

Virtual Computing and VMWare. Module 4

Virtual Computing and VMWare. Module 4 Virtual Computing and VMWare Module 4 Virtual Computing Cyber Defense program depends on virtual computing We will use it for hands-on learning Cyber defense competition will be hosted on a virtual computing

More information

Running VirtualCenter in a Virtual Machine

Running VirtualCenter in a Virtual Machine VMWARE TECHNICAL NOTE VirtualCenter 2.x Running VirtualCenter in a Virtual Machine Running VirtualCenter in a virtual machine is fully supported by VMware to the same degree as if it were installed on

More information

Securing Your Journey to the Cloud. Thomas J. Miller Executive Vice President

Securing Your Journey to the Cloud. Thomas J. Miller Executive Vice President Securing Your Journey to the Cloud Thomas J. Miller Executive Vice President February 23, 2011 Classification 2/24/2011 Copyright 2011 Trend Micro Inc. 1 Have you ever tried to explain Virtualization to

More information

VMWARE Introduction ESX Server Architecture and the design of Virtual Machines

VMWARE Introduction ESX Server Architecture and the design of Virtual Machines Introduction........................................................................................ 2 ESX Server Architecture and the design of Virtual Machines........................................

More information

RED HAT ENTERPRISE VIRTUALIZATION FOR SERVERS: COMPETITIVE FEATURES

RED HAT ENTERPRISE VIRTUALIZATION FOR SERVERS: COMPETITIVE FEATURES RED HAT ENTERPRISE VIRTUALIZATION FOR SERVERS: COMPETITIVE FEATURES RED HAT ENTERPRISE VIRTUALIZATION FOR SERVERS Server virtualization offers tremendous benefits for enterprise IT organizations server

More information

Presentation for ISACA Chapter NL. Auditing Virtual Servers. VMware: Security and Operations. Gert-Jan Timmer 3. September, 2012

Presentation for ISACA Chapter NL. Auditing Virtual Servers. VMware: Security and Operations. Gert-Jan Timmer 3. September, 2012 Presentation for ISACA Chapter NL Auditing Virtual Servers VMware: Security and Operations Gert-Jan Timmer 3. September, 2012 Auditing Virtual Servers: Vmware: Security and Operations Presentation today:

More information

VMware Virtual Infrastucture From the Virtualized to the Automated Data Center

VMware Virtual Infrastucture From the Virtualized to the Automated Data Center VMware Virtual Infrastucture From the Virtualized to the Automated Data Center Senior System Engineer VMware Inc. ngalante@vmware.com Agenda Vision VMware Enables Datacenter Automation VMware Solutions

More information

HP Virtual Controller and Virtual Firewall for VMware vsphere 1-proc SW LTU

HP Virtual Controller and Virtual Firewall for VMware vsphere 1-proc SW LTU HP Virtual Controller and Virtual Firewall for VMware vsphere 1-proc SW LTU Data sheet Product overview The HP TippingPoint Virtual Controller + Virtual Firewall (vcontroller+vfw) extends our leading intrusion

More information

Security. Environments. Dave Shackleford. John Wiley &. Sons, Inc. s j}! '**»* t i j. l:i. in: i««;

Security. Environments. Dave Shackleford. John Wiley &. Sons, Inc. s j}! '**»* t i j. l:i. in: i««; Security N Environments '' J J H -. i ^ s j}! Dave Shackleford '**»* t i j i««; l:i in: John Wiley &. Sons, Inc. Contents Introduction.. : xix Chapter l Fundamentals of Virtualization Security Virtualization

More information

Virtual Machines and Security Paola Stone Martinez East Carolina University November, 2013.

Virtual Machines and Security Paola Stone Martinez East Carolina University November, 2013. Virtual Machines and Security Paola Stone Martinez East Carolina University November, 2013. Keywords: virtualization, virtual machine, security. 1. Virtualization The rapid growth of technologies, nowadays,

More information

White Paper. Install and run VMware ESX3 on VMware Workstation 6

White Paper. Install and run VMware ESX3 on VMware Workstation 6 www.xtravirt.com May 2007, Version 1.3 White Paper Install and run VMware ESX3 on VMware Workstation 6 By Paul Davey Copyright 2007 1. Table of Contents 1. TABLE OF CONTENTS...2 2. INTRODUCTION...3 1.1.

More information

DMZ Virtualization Using VMware vsphere 4 and the Cisco Nexus 1000V Virtual Switch

DMZ Virtualization Using VMware vsphere 4 and the Cisco Nexus 1000V Virtual Switch DMZ Virtualization Using VMware vsphere 4 and the Cisco Nexus 1000V Virtual Switch What You Will Learn A demilitarized zone (DMZ) is a separate network located in the neutral zone between a private (inside)

More information

How Does Virtualization Change Your Approach to Enterprise Security and Compliance?

How Does Virtualization Change Your Approach to Enterprise Security and Compliance? HowDoesVirtualizationChangeYour ApproachtoEnterpriseSecurityand Compliance? SevenStepstoaVirtual awaresecuritystrategy. MichaelBaum Co founder ChiefCorporate&Business DevelopmentOfficer ScottShepard CISSP,CISM

More information

Passing Compliance Audit: Virtualize PCI-compliant Workloads with the Help of HyTrust and Trend Micro Deep Security

Passing Compliance Audit: Virtualize PCI-compliant Workloads with the Help of HyTrust and Trend Micro Deep Security WHITE PAPER August 2011 Passing Compliance Audit: Virtualize PCI-compliant Workloads with the Help of HyTrust and Trend Micro Deep Security HYTRUST AND TREND MICRO DEEP SECURITY TOC Contents Virtualization

More information

Managed Object - PerformanceManager http://www.vmware.com/support/developer/vc-sdk/visdk400pubs/referenceguide/vim.performancemanager.

Managed Object - PerformanceManager http://www.vmware.com/support/developer/vc-sdk/visdk400pubs/referenceguide/vim.performancemanager. URLs disponibles dans http://www.tdeig.ch/vmware/liens.pdf mise à jour du 17 juin 2011 / GL Documents vsphere Introduction to VMware vsphere http://www.vmware.com/pdf/vsphere4/r40/vsp_40_intro_vs.pdf Basic

More information

Virtualization Technologies and Blackboard: The Future of Blackboard Software on Multi-Core Technologies

Virtualization Technologies and Blackboard: The Future of Blackboard Software on Multi-Core Technologies Virtualization Technologies and Blackboard: The Future of Blackboard Software on Multi-Core Technologies Kurt Klemperer, Principal System Performance Engineer kklemperer@blackboard.com Agenda Session Length:

More information

VMware: Advanced Security

VMware: Advanced Security VMware: Advanced Security Course Introduction Course Introduction Chapter 01 - Primer and Reaffirming Our Knowledge Primer and Reaffirming Our Knowledge ESX Networking Components How Virtual Ethernet Adapters

More information

Enabling Technologies for Distributed Computing

Enabling Technologies for Distributed Computing Enabling Technologies for Distributed Computing Dr. Sanjay P. Ahuja, Ph.D. Fidelity National Financial Distinguished Professor of CIS School of Computing, UNF Multi-core CPUs and Multithreading Technologies

More information

COS 318: Operating Systems. Virtual Machine Monitors

COS 318: Operating Systems. Virtual Machine Monitors COS 318: Operating Systems Virtual Machine Monitors Kai Li and Andy Bavier Computer Science Department Princeton University http://www.cs.princeton.edu/courses/archive/fall13/cos318/ Introduction u Have

More information

Virtualization Security Checklist

Virtualization Security Checklist Virtualization Security Checklist This virtualization security checklist is intended for use with enterprise full virtualization environments (as opposed to paravirtualization, application or operating

More information

VMware vsphere: Install, Configure, Manage [V5.0]

VMware vsphere: Install, Configure, Manage [V5.0] VMware vsphere: Install, Configure, Manage [V5.0] Gain hands-on experience using VMware ESXi 5.0 and vcenter Server 5.0. In this hands-on, VMware -authorized course based on ESXi 5.0 and vcenter Server

More information

Cloud Computing #6 - Virtualization

Cloud Computing #6 - Virtualization Cloud Computing #6 - Virtualization Main source: Smith & Nair, Virtual Machines, Morgan Kaufmann, 2005 Today What do we mean by virtualization? Why is it important to cloud? What is the penalty? Current

More information

Full and Para Virtualization

Full and Para Virtualization Full and Para Virtualization Dr. Sanjay P. Ahuja, Ph.D. 2010-14 FIS Distinguished Professor of Computer Science School of Computing, UNF x86 Hardware Virtualization The x86 architecture offers four levels

More information

ADC9521: Surviving Regulatory Compliance in the Virtual Infrastructure

ADC9521: Surviving Regulatory Compliance in the Virtual Infrastructure ADC9521: Surviving Regulatory Compliance in the Virtual Infrastructure Patrick Daigle, VCP, VMware Operations Team Lead, CGI/ITM John Y. Arrasjid, VCP, Sr. Consulting Architect, VMware Agenda Compliance

More information

End to End Security do Endpoint ao Datacenter

End to End Security do Endpoint ao Datacenter do Endpoint ao Datacenter Piero DePaoli & Leandro Vicente Security Product Marketing & Systems Engineering 1 Agenda 1 Today s Threat Landscape 2 From Endpoint: Symantec Endpoint Protection 3 To Datacenter:

More information

The Top 8 Questions to ask about Virtualization in a PCI Environment

The Top 8 Questions to ask about Virtualization in a PCI Environment A COALFIRE WHITE PAPER The Top 8 Questions to ask about Virtualization in a PCI Environment DALLAS DENVER LOS ANGELES NEW YORK SEATTLE 877.224.8077 info@coalfire.com www.coalfire.com This paper provides

More information

Architecting Security for the Private Cloud. Todd Thiemann

Architecting Security for the Private Cloud. Todd Thiemann Architecting Security for the Private Cloud Todd Thiemann Classification 4/9/2010 Copyright 2009 Trend Micro Inc. 1 The Evolving Datacenter Lowering Costs, Increasing Flexibility Public Cloud Private Cloud

More information

Compromise-as-a-Service

Compromise-as-a-Service ERNW GmbH Carl-Bosch-Str. 4 D-69115 Heidelberg 3/31/14 Compromise-as-a-Service Our PleAZURE Felix Wilhelm & Matthias Luft {fwilhelm, mluft}@ernw.de ERNW GmbH Carl-Bosch-Str. 4 D-69115 Heidelberg Agenda

More information

Before we can talk about virtualization security, we need to delineate the differences between the

Before we can talk about virtualization security, we need to delineate the differences between the 1 Before we can talk about virtualization security, we need to delineate the differences between the terms virtualization and cloud. Virtualization, at its core, is the ability to emulate hardware via

More information

Tenable Webcast Summary Managing Vulnerabilities in Virtualized and Cloud-based Deployments

Tenable Webcast Summary Managing Vulnerabilities in Virtualized and Cloud-based Deployments Tenable Webcast Summary Managing Vulnerabilities in Virtualized and Cloud-based Deployments Introduction Server virtualization and private cloud services offer compelling benefits, including hardware consolidation,

More information

Stephen Coty Director, Threat Research

Stephen Coty Director, Threat Research Emerging threats facing Cloud Computing Stephen Coty Director, Threat Research Cloud Environments 101 Cloud Adoption is Gaining Momentum Cloud market revenue will increase at a 36% annual rate Analyst

More information

Drobo How-To Guide. Use a Drobo iscsi Array as a Target for Veeam Backups

Drobo How-To Guide. Use a Drobo iscsi Array as a Target for Veeam Backups This document shows you how to use a Drobo iscsi SAN Storage array with Veeam Backup & Replication version 5 in a VMware environment. Veeam provides fast disk-based backup and recovery of virtual machines

More information

CS 356 Lecture 25 and 26 Operating System Security. Spring 2013

CS 356 Lecture 25 and 26 Operating System Security. Spring 2013 CS 356 Lecture 25 and 26 Operating System Security Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control

More information

Distributed and Cloud Computing

Distributed and Cloud Computing Distributed and Cloud Computing K. Hwang, G. Fox and J. Dongarra Chapter 3: Virtual Machines and Virtualization of Clusters and datacenters Adapted from Kai Hwang University of Southern California March

More information

Table of Contents. vsphere 4 Suite 24. Chapter Format and Conventions 10. Why You Need Virtualization 15 Types. Why vsphere. Onward, Through the Fog!

Table of Contents. vsphere 4 Suite 24. Chapter Format and Conventions 10. Why You Need Virtualization 15 Types. Why vsphere. Onward, Through the Fog! Table of Contents Introduction 1 About the VMware VCP Program 1 About the VCP Exam 2 Exam Topics 3 The Ideal VCP Candidate 7 How to Prepare for the Exam 9 How to Use This Book and CD 10 Chapter Format

More information

Building A Secure Microsoft Exchange Continuity Appliance

Building A Secure Microsoft Exchange Continuity Appliance Building A Secure Microsoft Exchange Continuity Appliance Teneros, Inc. 215 Castro Street, 3rd Floor Mountain View, California 94041-1203 USA p 650.641.7400 f 650.641.7401 ON AVAILABLE ACCESSIBLE Building

More information

Virtualization Impact on Compliance and Audit

Virtualization Impact on Compliance and Audit 2009 Reflex Systems, LLC Virtualization Impact on Compliance and Audit Michael Wronski, CISSP VP Product Management Reflex Systems Agenda Introduction Virtualization? Cloud? Risks and Challenges? Compliance

More information

How Virtualization Affects PCI DSS

How Virtualization Affects PCI DSS How Virtualization Affects PCI DSS Part 2: A Review of the Top 5 Issues Authors: William Hau Vice President Professional Services Foundstone Professional Services Rudolph Araujo Director Foundstone Professional

More information

Shavlik NetChk Protect 7.1

Shavlik NetChk Protect 7.1 Shavlik NetChk Protect 7.1 New s in Shavlik NetChk Protect 7.1 Asset Management Define asset scans for physical and virtual machines for Software Assets, Hardware Assets, and Virtual Machine Assets. This

More information

McAfee MOVE / VMware Collaboration Best Practices

McAfee MOVE / VMware Collaboration Best Practices McAfee MOVE / VMware Collaboration Best Practices Christie J. Karrels Sales Engineer Federal DoD January 11, 2013 1 P a g e Contents Introduction... 3 Traditional Anti-Malware vs. Optimized Anti-Malware...

More information

Virtualization & Cloud Computing Risks NASSCOM-DSCI Information Security Summit 2009 November 24, 2009

Virtualization & Cloud Computing Risks NASSCOM-DSCI Information Security Summit 2009 November 24, 2009 Virtualization & Cloud Computing Risks NASSCOM-DSCI Information Security Summit 2009 November 24, 2009 Felix Mohan CISO, Bharti Airtel Ltd Virtualization & Cloud Computing Strategic Technologies with Significant

More information

S24 Virtualiza.on Security from the Auditor Perspec.ve

S24 Virtualiza.on Security from the Auditor Perspec.ve S24 Virtualiza.on Security from the Auditor Perspec.ve Rob Clyde, CEO, Adap.ve Compu.ng; former CTO, Symantec David Lu, Senior Product Manager, Trend Micro Hemma Prafullchandra, CTO/SVP Products, HyTrust

More information

Preparing an RFI for. This RFI has been updated to reflect the new requirements in Version 3.0 of the PCI DSS, which took effect January 2015.

Preparing an RFI for. This RFI has been updated to reflect the new requirements in Version 3.0 of the PCI DSS, which took effect January 2015. Preparing an RFI for Protecting cardholder data is a critical and mandatory requirement for all organizations that process, store or transmit information on credit or debit cards. Requirements and guidelines

More information

Auditing Virtualized Environments

Auditing Virtualized Environments Auditing Virtualized Environments 11 CHAPTER Innovations in operating system virtualization and server hardware permanently changed the footprint, architecture, and operations of data centers. This chapter

More information

CPET 581 Cloud Computing: Technologies and Enterprise IT Strategies. Virtualization of Clusters and Data Centers

CPET 581 Cloud Computing: Technologies and Enterprise IT Strategies. Virtualization of Clusters and Data Centers CPET 581 Cloud Computing: Technologies and Enterprise IT Strategies Lecture 4 Virtualization of Clusters and Data Centers Text Book: Distributed and Cloud Computing, by K. Hwang, G C. Fox, and J.J. Dongarra,

More information

Virtualization: an old concept in a new approach

Virtualization: an old concept in a new approach MPRA Munich Personal RePEc Archive Virtualization: an old concept in a new approach Logica Banica and Doina Rosca and Cristian Stefan University of Pitesti, Faculty of Economics, University of Craiova,

More information

VMware vsphere: Fast Track [V5.0]

VMware vsphere: Fast Track [V5.0] VMware vsphere: Fast Track [V5.0] Experience the ultimate in vsphere 5 skills-building and VCP exam-preparation training. In this intensive, extended-hours course, you will focus on installing, configuring,

More information

FOR SERVERS 2.2: FEATURE matrix

FOR SERVERS 2.2: FEATURE matrix RED hat ENTERPRISE VIRTUALIZATION FOR SERVERS 2.2: FEATURE matrix Red hat enterprise virtualization for servers Server virtualization offers tremendous benefits for enterprise IT organizations server consolidation,

More information

Introduction. Setup of Exchange in a VM. VMware Infrastructure

Introduction. Setup of Exchange in a VM. VMware Infrastructure Introduction VMware Infrastructure is deployed in data centers for deploying mission critical applications. Deployment of Microsoft Exchange is a very important task for the IT staff. Email system is an

More information

What is Virtualization and How Do I Audit It? Rick Schnierer and Chris Tennant

What is Virtualization and How Do I Audit It? Rick Schnierer and Chris Tennant What is Virtualization and How Do I Audit It? Rick Schnierer and Chris Tennant Nationwide Insurance Learning Objectives Understand the fundamentals of virtualization and supporting architecture Develop

More information

Frontiers in Cyber Security: Beyond the OS

Frontiers in Cyber Security: Beyond the OS 2013 DHS S&T/DoD ASD (R&E) CYBER SECURITY SBIR WORKSHOP Frontiers in Cyber Security: Beyond the OS Clear Hat Consulting, Inc. Sherri Sparks 7/23/13 Company Profile CHC was founded in 2007 by S. Sparks

More information

Simplifying the Transition to Virtualization TS17

Simplifying the Transition to Virtualization TS17 Simplifying the Transition to Virtualization TS17 Name Sandeep Redkar Title Manager Process Solutions Date 11 th February 2015 Agenda Overview & Drivers Virtualization for Production Rockwell Automation

More information

EMC Security for Microsoft Exchange Solution: Data Loss Prevention and Secure Access Management

EMC Security for Microsoft Exchange Solution: Data Loss Prevention and Secure Access Management EMC Security for Microsoft Exchange Solution: Data Loss Prevention and Applied Technology Abstract Securing a Microsoft Exchange e-mail environment presents a myriad of challenges and compliance issues

More information

TECHNOLOGYBRIEF. The Impact of Virtualization on Network Security. Discover. Determine. Defend.

TECHNOLOGYBRIEF. The Impact of Virtualization on Network Security. Discover. Determine. Defend. The Impact of Virtualization on Network Security Discover. Determine. Defend. EXECUTIVE SUMMARY Virtualization is a concept that has become highly visible in the last few years because of its perceived

More information

Enabling Technologies for Distributed and Cloud Computing

Enabling Technologies for Distributed and Cloud Computing Enabling Technologies for Distributed and Cloud Computing Dr. Sanjay P. Ahuja, Ph.D. 2010-14 FIS Distinguished Professor of Computer Science School of Computing, UNF Multi-core CPUs and Multithreading

More information

Symantec Endpoint Protection 11.0 Securing Virtual Environments Best Practices White Paper. Updated 7/20/2010

Symantec Endpoint Protection 11.0 Securing Virtual Environments Best Practices White Paper. Updated 7/20/2010 W H I T E P A P E R : T E C H N I C A L S E C U R I T Y S O L U T I O N S Symantec Endpoint Protection 11.0 Securing Virtual Environments Best Practices White Paper Updated 7/20/2010 White Paper: Symantec

More information

Endpoint protection for physical and virtual desktops

Endpoint protection for physical and virtual desktops datasheet Trend Micro officescan Endpoint protection for physical and virtual desktops In the bring-your-own-device (BYOD) environment, protecting your endpoints against ever-evolving threats has become

More information

Managing Physical and Virtual Machines in Paragon Protect & Restore

Managing Physical and Virtual Machines in Paragon Protect & Restore Managing Physical and Virtual Machines in Paragon Protect & Restore Best Practices last updated: August 2013 Overview Paragon Software s Protect & Restore (PPR) offers a unified system and data protection

More information

Data Center Connector for vsphere 3.0.0

Data Center Connector for vsphere 3.0.0 Product Guide Data Center Connector for vsphere 3.0.0 For use with epolicy Orchestrator 4.6.0, 5.0.0 Software COPYRIGHT Copyright 2013 McAfee, Inc. Do not copy without permission. TRADEMARK ATTRIBUTIONS

More information

Security & Cloud Services IAN KAYNE

Security & Cloud Services IAN KAYNE Security & Cloud Services IAN KAYNE CloudComponents CLOUD SERVICES Dynamically scalable infrastructure, services and software based on broad network accessibility NETWORK ACCESS INTERNAL ESTATE CloudComponents

More information

Netzwerkvirtualisierung? Aber mit Sicherheit!

Netzwerkvirtualisierung? Aber mit Sicherheit! Netzwerkvirtualisierung? Aber mit Sicherheit! Markus Schönberger Advisory Technology Consultant Trend Micro Stephan Bohnengel Sr. Network Virtualization SE VMware Agenda Background and Basic Introduction

More information

Learn the Essentials of Virtualization Security

Learn the Essentials of Virtualization Security Learn the Essentials of Virtualization Security by Dave Shackleford by Dave Shackleford This paper is the first in a series about the essential security issues arising from virtualization and the adoption

More information

Secure Cloud-Ready Data Centers Juniper Networks

Secure Cloud-Ready Data Centers Juniper Networks Secure Cloud-Ready Data Centers Juniper Networks JUNIPER SECURITY LEADERSHIP A $1B BUSINESS Market Leadership Data Center with High- End Firewall #1 at 42% Secure Mobility with SSL VPN #1 at 25% Security

More information

VMware vsphere-6.0 Administration Training

VMware vsphere-6.0 Administration Training VMware vsphere-6.0 Administration Training Course Course Duration : 20 Days Class Duration : 3 hours per day (Including LAB Practical) Classroom Fee = 20,000 INR Online / Fast-Track Fee = 25,000 INR Fast

More information

Solutions as a Service N.Konstantinidis Technical Director - MNG

Solutions as a Service N.Konstantinidis Technical Director - MNG Med Nautilus Greece Connected World April 10, 2014 Solutions as a Service N.Konstantinidis Technical Director - MNG MedNautilus Greece Solutions as a Service 2014 SINCE 2002 Data Center Physical Colocation

More information

Best Practices for Monitoring Databases on VMware. Dean Richards Senior DBA, Confio Software

Best Practices for Monitoring Databases on VMware. Dean Richards Senior DBA, Confio Software Best Practices for Monitoring Databases on VMware Dean Richards Senior DBA, Confio Software 1 Who Am I? 20+ Years in Oracle & SQL Server DBA and Developer Worked for Oracle Consulting Specialize in Performance

More information

How to Backup and Restore a VM using Veeam

How to Backup and Restore a VM using Veeam How to Backup and Restore a VM using Veeam Table of Contents Introduction... 3 Assumptions... 3 Add ESXi Server... 4 Backup a VM... 6 Restore Full VM... 12 Appendix A: Install Veeam Backup & Replication

More information

VMware Solution Guide for. Payment Card Industry (PCI) September 2012. v1.3

VMware Solution Guide for. Payment Card Industry (PCI) September 2012. v1.3 VMware Solution Guide for Payment Card Industry (PCI) September 2012 v1.3 VALIDATION DO CU MENT Table of Contents INTRODUCTION... 3 OVERVIEW OF PCI AS IT APPLIES TO CLOUD/VIRTUAL ENVIRONMENTS... 5 GUIDANCE

More information

Virtualization with VMware and IBM: Enjoy the Ride, but Don t Forget to Buckle Up!

Virtualization with VMware and IBM: Enjoy the Ride, but Don t Forget to Buckle Up! Virtualization with VMware and IBM: Enjoy the Ride, but Don t Forget to Buckle Up! Ravi Kumar, Group Product Marketing Manager - Security, VMware Bob Kalka, Director, IBM Security Solutions, IBM The Rise

More information

Vmware VSphere 6.0 Private Cloud Administration

Vmware VSphere 6.0 Private Cloud Administration To register or for more information call our office (208) 898-9036 or email register@leapfoxlearning.com Vmware VSphere 6.0 Private Cloud Administration Class Duration 5 Days Introduction This fast paced,

More information

Host Hardening. Presented by. Douglas Couch & Nathan Heck Security Analysts for ITaP 1

Host Hardening. Presented by. Douglas Couch & Nathan Heck Security Analysts for ITaP 1 Host Hardening Presented by Douglas Couch & Nathan Heck Security Analysts for ITaP 1 Background National Institute of Standards and Technology Draft Guide to General Server Security SP800-123 Server A

More information

Protect Root Abuse privilege on Hypervisor (Cloud Security)

Protect Root Abuse privilege on Hypervisor (Cloud Security) Protect Root Abuse privilege on Hypervisor (Cloud Security) Nantharat Puwarang, CISSP Senior Technical Consultant Protect Software Defined Data Center 1 The Road to Software Defined Data Centers: Virtualization

More information

Endpoint protection for physical and virtual desktops

Endpoint protection for physical and virtual desktops datasheet Trend Micro officescan Endpoint protection for physical and virtual desktops In the bring-your-own-device (BYOD) environment, protecting your endpoints against ever-evolving threats has become

More information

Paragon Protect & Restore

Paragon Protect & Restore Paragon Protect & Restore ver. 3 Centralized and Disaster Recovery for virtual and physical environments Tight Integration with hypervisors for agentless backups, VM replication and seamless restores Paragon

More information

5nine Security for Hyper-V Datacenter Edition. Version 3.0 Plugin for Microsoft System Center 2012 Virtual Machine Manager

5nine Security for Hyper-V Datacenter Edition. Version 3.0 Plugin for Microsoft System Center 2012 Virtual Machine Manager 5nine Security for Hyper-V Datacenter Edition Version 3.0 Plugin for Microsoft System Center 2012 Virtual Machine Manager November 2013 11 Table of Contents Summary... 5 System requirements... 5 Permissions...

More information

Information Security Policy

Information Security Policy Information Security Policy Steve R. Hutchens, CISSP EDS, Global Leader, Homeland Security Agenda Security Architecture Threats and Vulnerabilities Design Considerations Information Security Policy Current

More information

Visions of Clouds and Cloud Security. Rob Randell, CISSP Senior Security and Compliance Specialist VMware, Inc.

Visions of Clouds and Cloud Security. Rob Randell, CISSP Senior Security and Compliance Specialist VMware, Inc. Visions of Clouds and Cloud Security Rob Randell, CISSP Senior Security and Compliance Specialist VMware, Inc. Visions of Clouds and Cloud Security What is the Cloud? PAAS SAAS IAAS Chris Hoff s Model

More information

Effective End-to-End Cloud Security

Effective End-to-End Cloud Security Effective End-to-End Cloud Security Securing Your Journey to the Cloud Trend Micro SecureCloud A Trend Micro & VMware White Paper August 2011 I. EXECUTIVE SUMMARY This is the first paper of a series of

More information