Virtualization System Security
|
|
- Damian Anthony
- 8 years ago
- Views:
Transcription
1 Virtualization System Security Bryan Williams, IBM X-Force Advanced Research Tom Cross, Manager, IBM X-Force Security Strategy 2009 IBM Corporation
2 Overview Vulnerability disclosure analysis Vulnerability classes Vulnerability examples Virtualization-system specific attacks Known virtualization system attacks Public virtualization system exploits Summary of virtualization system security concerns Technologies for virtualization-based security enhancement Configuration recommendations
3 The Importance of Virtualization System Security Businesses are increasingly relying on virtualization technology In Q4 2009, 18.2% of servers shipped were virtualized 1 20% increase over 15.2% shipped in Q Growing interest in cloud computing will fuel further demand Vulnerability disclosures have grown as interest has grown Source: IBM X-Force 2010 Midyear Trend Report 1 Source: IDC
4 The Risk Imposed by Virtualization System Vulnerabilities Disclosed vulnerabilities pose a significant security risk 40% of all reported vulnerabilities have high severity Tend to be easy to exploit, provide full control over attacked system Exploits have been publically disclosed for 14% of vulnerabilities
5 The Risk To Production Systems Most reported vulnerabilities affect production virtualization systems Production systems run on the bare metal hypervisor acts as operating system Contrast with workstation systems, which run on top of a host OS
6 Vendor Disclosures by Vendor Low percentages for Oracle, IBM, and Microsoft VMware: 80.9% RedHat: 6.9% Citrix: 5.8% Oracle: 1.8% IBM: 1.1% Microsoft: 0.9%
7 Virtualization System Vulnerability Classes Vulnerabilities can be classified by what they affect Virtualization Server Guest VM Users 5 System Administrators Virtualization System 1 Admin VM Guest VM Hypervisor Hardware Guest VM Management Console Management Server
8 Virtualization System Vulnerability Classes Management console vulnerabilities Affect the management console host Can provide platform or information allowing attack of management server Can occur in custom consoles or web applications Management server vulnerabilities Potential to compromise virtualization system configuration Can provide platform from which to attack administrative VM Administrative VM vulnerabilities Compromises system configuration In some systems (like Xen), equivalent to a hypervisor vulnerability in that all guest VMs may be compromised Can provide platform from which to attack hypervisor and guest VMs
9 Virtualization System Vulnerability Classes Guest VM vulnerabilities Affect a single VM Can provide platform from which to attack administrative VM, hypervisor, and other guest VMs Hypervisor vulnerabilities Compromise all guest VMs Cannot be exploited from guest VMs Hypervisor escape vulnerabilities A type of hypervisor vulnerability Classified separately because of their importance Allow a guest VM user to escape from own VM to attack other VMs or hypervisor Violate assumption of isolation of guest VMs
10 Production Virtualization System Vulnerabilities By Class Mgmt Server (6.3%) Guest VM (15.0%) Hypervisor (1.3%) Indeterminate (6.3%) Hypervisor escape (37.5%) Mgmt console (16.3%) Admin VM (17.5%)
11 Virtualization System Vulnerability Examples Management console CVE : A cross-site scripting vulnerability in a VMware web console allows remote attackers to steal cookie-based authentication credentials Management server CVE : VMware VirtualCenter management server can allow a local attacker to use directory traversal sequences to gain elevated privileges Administrative VM CVE : A buffer overflow in a VMWare management service running in the administrative VM could allow remote authenticated users to gain root privileges
12 Virtualization System Vulnerability Examples Guest VM CVE : A bug in the handling of page fault exceptions in VMware ESX Server could allow a guest VM user to gain kernel mode execution privileges in the guest VM Hypervisor CVE : By modifying the processor status register, a local attacker can cause the Xen kernel to crash Hypervisor escape CVE : An error in the virtual machine display function on VMware ESX Server allows an attacker in a guest VM to execute arbitrary code in the hypervisor
13 New Virtualization System-Specific Attacks VM jumping/guest hopping Attackers take advantage of hypervisor escape vulnerabilities to jump from one VM to another VM attacks Attacks during deployment and duplication Deletion of virtual images Attacks on control of virtual machines Code/file injection into virtualization file structure
14 New Virtualization System-Specific Attacks VM migration VM migration is transfer of guest OS from one physical server to another with little or no downtime Implemented by several virtualization products Provides high availability and dynamic load balancing VMware VMotion brochure
15 New Virtualization System-Specific Attacks VM migration attack If migration protocol is unencrypted, susceptible to man-in-the-middle attack Allows arbitrary state in VM to be modified In default configuration, XenMotion is susceptible (no encryption) VMware s VMotion system supports encryption Proof-of-concept developed by John Oberheide at the Univ. of Michigan John Oberheide et. al. University of Michigan
16 Known Virtualization System Attacks Management server attacks Exploit management console vulnerabilities that divulge password information Exploit management console vulnerabilities to gain access to management server Exploit vulnerabilities that allow local management server users to gain elevated privileges Administrative VM attacks exploit vulnerabilities to: Cause a denial of service by halting the system Cause a denial of service by crashing the administrative VM Obtain passwords that are stored in cleartext Exploit buffer overflows in exposed services to execute arbitrary code Exploit vulnerable services to gain elevated privileges Bypass authentication
17 Known Virtualization System Attacks Guest VM attacks exploit vulnerabilities to: Gain elevated privileges Crash the virtual machine Truncate arbitrary files on the system Execute arbitrary code with elevated privileges Hypervisor attacks exploit vulnerabilities to: Cause the hypervisor to crash Escape from one guest VM to another
18 Example Configuration Issues Virtual machine configuration Resource reservations and limits (for example, on CPU usage) can be established for individual VMs Allows assignment of more system resources to specific VMs Improper configuration can allow a DoS against one virtual host to affect other hosts on the same server Failure to enable log file rotation can fill disk and DoS the ESX Server Failure to disable unused devices can introduce unnecessary risk
19 Example Configuration Issues Virtual network configuration Virtual switches are used to define the topology of virtual networks VMware
20 Example Configuration Issues Improper configuration can allow unintended communication among guest VMs Network services are enabled to connect virtual machines and kernel services to the physical network Kernel services include features such as virtual machine migration Failure to disable unused services can introduce unnecessary risk VLANs can be used to aggregate multiple virtual switch ports under a common configuration Incorrect aggregation can result in misconfiguration of ports
21 New Virtualization System-Specific Attacks Hyperjacking Consists of installing a rogue hypervisor One method for doing this is overwriting pagefiles on disk that contain paged-out kernel code Force kernel to be paged out by allocating large amounts of memory Find unused driver in page file and replace its dispatch function with shellcode Take action to cause driver to be executed Shellcode downloads the rest of the malware Host OS is migrated to run in a virtual machine Has been demonstrated for taking control of Host OS Hyperjacking of hypervisors may be possible, but not yet demonstrated Hypervisors will come under intense scrutiny because they are such attractive targets Known hyperjacking tools: BluePill, SubVirt, Vitriol
22 Virtualization System Public Exploits 36 public exploits against production virtualization systems have been released Most of these are attacks against third-party components of these systems CVE Guest OS user can gain elevated privileges on guest OS by exploiting a bug in handling of page faults Affects ESX server 4 and other VMware products Exploit binary posted at lists.grok.org.uk
23 Virtualization System Public Exploits CVE Remote attacker can write PHP code to Web server configuration script to execute arbitrary PHP code with privileges of server Affects XenCenterWeb Exploit URLs are provided in a Neophasis post:
24 Virtualization System Public Exploits CVE OpenSSL buffer overflow vulnerability allows remote attacker to execute arbitrary code on the system Affects VMware ESXi server 3.5, presumably the administrative VM (the service console ) Neophasis post describes the exploit Involves sending multiple ciphers to take advantage of an off-by- one error in OpenSSL s cipher processing code
25 Summary of Virtualization System Security Concerns Virtualization systems have added new vulnerabilities to infrastructure 259 new vulnerabilities over the last 5 years (XFDB) Use of virtualization systems doesn t add inherent security same connectivity to servers is still needed Addition of new operating system (hypervisor) increases attack surface Doesn t replace existing OSes Potential for new types of attacks Migration of VMs for load balancing can make them more difficult to secure Ease of addition of new VMs can increase likelihood that insecure systems will go online New management systems are needed for virtualization systems - increases attack surface
26 Technologies for Virtualization-Based Security Enhancement Some technologies can take advantage of virtualization to improve security IBM Security Virtual Server Protection for VMWare Takes advantage of virtualization to provide IPS protection for all communication between VMs on a virtualization server Traditional IPS provides protection only where appliances are installed Future may see virtualization-based sandboxing Sandbox environment is a locked-down OS that restricts what programs can do for example, disallow network access Sandboxes could run in separate VMs and be used for opening untrusted files and running untrusted applications
27 Virtualization System Configuration Recommendations Don t connect virtualization system hosts to operational networks until fully configured Management server configuration Management servers should be segregated from operational networks via an appropriately configured firewall or router Restrict access of management system databases to the management server, a database administrator, and backup software Limit access to remote management tools Use limited accounts Connections to virtualization systems should be encrypted and authenticated Use logging
28 Virtualization System Configuration Recommendations Administrative VM configuration Avoid installing third-party software Disable or restrict access to unused network services Synchronize clocks on virtualization servers and management servers to aid log analysis Manage log size to avoid filling partitions Implement file system integrity checking and password policies Only allow server administrators to manage administrative VMs Disable root console logins
29 Virtualization System Configuration Recommendations Guest VM configuration Harden servers Update and patch OS Use single role servers disable unnecessary services Use local firewall to insure limited host control Use limited scope admin accounts with strong passwords Protect virtual machine files Use access control lists Use encryption Use auditing of file operations (access, creation, deletion, ) Disable unnecessary or unused virtual devices Use hardened VM images as basis for new VMs VMware supports templates for creation of new VM images
30 Virtualization System Configuration Recommendations Virtualization environment configuration Install hypervisor updates and patches If possible, install VMs with different security profiles on different physical machines The existence of hypervisor escape vulnerabilities makes this prudent Otherwise, use virtual firewalls between groups of machines with different security postures Isolate VM traffic by defining VLAN port groups in virtual switches and associating each VM virtual adapter with the appropriate port group If supported, configure port groups to: Restrict virtual adapters from entering promiscuous mode Avoid changing virtual NICs own MAC addresses
31 Summary Virtualization system interest and vulnerabilities have both increased Virtualization system vulnerabilities can be characterized by what they affect Known attacks exist against all virtualization system components Public exploits have been released for some virtualization system vulnerabilities Virtualization systems have introduced new types of attacks Currently, virtualization systems make networks less secure Some technologies can offer virtualization-based security enhancement Proper configuration can reduce virtualization system risk
32 References X-Force 2010 Midyear Trend Report X-Force database VMWare ESX Server 3 Configuration Guide NSA ESX 3 Server Configuration Guide Virtualization Security (Microsoft presentation) c61ddd81/Day2Session-VirtualizationSecurity-RickClaus.pdf Subverting Vista Kernel for Fun and Profit (BlackHat presentation by Joanna Rutkowska) US-06-Rutkowska.pdf SubVirt: Implementing malware with virtual machines (U. of Michigan and Microsoft) Empirical Exploitation of Live Virtual Machine Migration (John Oberheide et. al.)
33 References From Virtualization vs. Security to Virtualization Based Security (Steve Orrin, Intel presentation) VMware Security Hardening Guide Wikipedia article on sandboxing What you need to know about Security Your Virtual Network (Daniel Petri)
Securing your Virtual Datacenter. Part 1: Preventing, Mitigating Privilege Escalation
Securing your Virtual Datacenter Part 1: Preventing, Mitigating Privilege Escalation Before We Start... Today's discussion is by no means an exhaustive discussion of the security implications of virtualization
More informationVMware ESX Server 3 Configuration Guide
Date: 03/03/08 VMware ESX Server 3 Configuration Guide Enterprise Applications Division of the Systems and Network Analysis Center (SNAC) Information Assurance Directorate National Security Agency 9800
More informationCS 356 Lecture 25 and 26 Operating System Security. Spring 2013
CS 356 Lecture 25 and 26 Operating System Security Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control
More informationVMware Security Briefing. Rob Randell, CISSP Senior Security Specialist SE
VMware Security Briefing Rob Randell, CISSP Senior Security Specialist SE Agenda Security Advantages of Virtualization Security Concepts in Virtualization Architecture Operational Security Issues with
More informationVMWARE Introduction ESX Server Architecture and the design of Virtual Machines
Introduction........................................................................................ 2 ESX Server Architecture and the design of Virtual Machines........................................
More informationVirtualization Security Checklist
Virtualization Security Checklist This virtualization security checklist is intended for use with enterprise full virtualization environments (as opposed to paravirtualization, application or operating
More informationSecurely Architecting the Internal Cloud. Rob Randell, CISSP Senior Security and Compliance Specialist VMware, Inc.
Securely Architecting the Internal Cloud Rob Randell, CISSP Senior Security and Compliance Specialist VMware, Inc. Securely Building the Internal Cloud Virtualization is the Key How Virtualization Affects
More informationSecurity. Environments. Dave Shackleford. John Wiley &. Sons, Inc. s j}! '**»* t i j. l:i. in: i««;
Security N Environments '' J J H -. i ^ s j}! Dave Shackleford '**»* t i j i««; l:i in: John Wiley &. Sons, Inc. Contents Introduction.. : xix Chapter l Fundamentals of Virtualization Security Virtualization
More informationLearn the Essentials of Virtualization Security
Learn the Essentials of Virtualization Security by Dave Shackleford by Dave Shackleford This paper is the first in a series about the essential security issues arising from virtualization and the adoption
More informationmanaging the risks of virtualization
managing the risks of virtualization Chris Wraight CA Technologies 28 February 2011 Session Number 8951 abstract Virtualization opens the door to a world of opportunities and well managed virtualization
More informationLearn the essentials of virtualization security
Learn the essentials of virtualization security White Paper Table of Contents 3 Introduction 4 Hypervisor connectivity and risks 4 Multi-tenancy risks 5 Management and operational network risks 5 Storage
More informationCloud Security Overview
UT DALLAS Erik Jonsson School of Engineering & Computer Science Cloud Security Overview Murat Kantarcioglu Outline Current cloud security techniques Amazon Web services Microsoft Azure Cloud Security Challengers
More informationPICO Compliance Audit - A Quick Guide to Virtualization
WHITE PAPER August 2011 Passing Compliance Audit: Virtualize PCI-compliant Workloads with the Help of HyTrust and Trend Micro Deep Security HYTRUST AND TREND MICRO DEEP SECURITY TOC Contents Virtualization
More informationCompromise-as-a-Service
ERNW GmbH Carl-Bosch-Str. 4 D-69115 Heidelberg 3/31/14 Compromise-as-a-Service Our PleAZURE Felix Wilhelm & Matthias Luft {fwilhelm, mluft}@ernw.de ERNW GmbH Carl-Bosch-Str. 4 D-69115 Heidelberg Agenda
More informationVirtualization Technologies and Blackboard: The Future of Blackboard Software on Multi-Core Technologies
Virtualization Technologies and Blackboard: The Future of Blackboard Software on Multi-Core Technologies Kurt Klemperer, Principal System Performance Engineer kklemperer@blackboard.com Agenda Session Length:
More informationVirtualization Security
Virtualization Security Edward Ray, CISSP NetSec Design & Consulting, Inc. 826 North Red Robin Street Orange, CA 92869 001 714 381 6508 eray@netsecdesign.com Eugene Schultz, Ph.D., CISSP Emagined Security
More informationHow to Configure an Initial Installation of the VMware ESXi Hypervisor
How to Configure an Initial Installation of the VMware ESXi Hypervisor I am not responsible for your actions or their outcomes, in any way, while reading and/or implementing this tutorial. I will not provide
More informationDatabase Security Guide
Institutional and Sector Modernisation Facility ICT Standards Database Security Guide Document number: ISMF-ICT/3.03 - ICT Security/MISP/SD/DBSec Version: 1.10 Project Funded by the European Union 1 Document
More informationAn overwhelming majority of IaaS clouds leverage virtualization for their foundation.
1 2 3 An overwhelming majority of IaaS clouds leverage virtualization for their foundation. 4 With the use of virtualization comes the use of a hypervisor. Normally, the hypervisor simply provisions resources
More informationTECHNOLOGYBRIEF. The Impact of Virtualization on Network Security. Discover. Determine. Defend.
The Impact of Virtualization on Network Security Discover. Determine. Defend. EXECUTIVE SUMMARY Virtualization is a concept that has become highly visible in the last few years because of its perceived
More informationSecuring Industrial Control Systems on a Virtual Platform
Securing Industrial Control Systems on a Virtual Platform How to Best Protect the Vital Virtual Business Assets WHITE PAPER Sajid Nazir and Mark Lazarides sajid.nazir@firstco.uk.com 9 Feb, 2016 mark.lazarides@firstco.uk.com
More informationVirtualisation. A newsletter for IT Professionals. Issue 2. I. Background of Virtualisation. Hardware
Virtualisation A newsletter for IT Professionals Issue 2 UEducation Sector Updates I. Background of Virtualisation Virtualisation is the separation of resource or request for a service from the underlying
More informationActive Fabric Manager (AFM) Plug-in for VMware vcenter Virtual Distributed Switch (VDS) CLI Guide
Active Fabric Manager (AFM) Plug-in for VMware vcenter Virtual Distributed Switch (VDS) CLI Guide Notes, Cautions, and Warnings NOTE: A NOTE indicates important information that helps you make better use
More informationAuditing Virtualized Environments
Auditing Virtualized Environments 11 CHAPTER Innovations in operating system virtualization and server hardware permanently changed the footprint, architecture, and operations of data centers. This chapter
More informationVMware ESXi 3.5 update 2
VMware ESXi 3.5 update 2 VMware ESXi 3.5 Exec Summary What is it? What does it do? What is unique? Who can use it? How do you use it? Next generation, thin hypervisor for FREE Partitions servers to create
More informationInstalling and Administering VMware vsphere Update Manager
Installing and Administering VMware vsphere Update Manager Update 1 vsphere Update Manager 5.1 This document supports the version of each product listed and supports all subsequent versions until the document
More informationVirtualization Security and Best Practices. Rob Randell, CISSP Senior Security Specialist SE
Virtualization Security and Best Practices Rob Randell, CISSP Senior Security Specialist SE Agenda General Virtualization Concepts Hardware Virtualization and Application Virtualization Types of Hardware
More informationVirtualization for Cloud Computing
Virtualization for Cloud Computing Dr. Sanjay P. Ahuja, Ph.D. 2010-14 FIS Distinguished Professor of Computer Science School of Computing, UNF CLOUD COMPUTING On demand provision of computational resources
More informationTop virtualization security risks and how to prevent them
E-Guide Top virtualization security risks and how to prevent them There are multiple attack avenues in virtual environments, but this tip highlights the most common threats that are likely to be experienced
More informationHypervisor Software and Virtual Machines. Professor Howard Burpee SMCC Computer Technology Dept.
Hypervisor Software and Virtual Machines Learning Objectives Understand the common features of today s desktop virtualization products Select and implement a desktop virtualization option on a Linux, Mac,
More informationPreparing an RFI for. This RFI has been updated to reflect the new requirements in Version 3.0 of the PCI DSS, which took effect January 2015.
Preparing an RFI for Protecting cardholder data is a critical and mandatory requirement for all organizations that process, store or transmit information on credit or debit cards. Requirements and guidelines
More informationDMZ Virtualization Using VMware vsphere 4 and the Cisco Nexus 1000V Virtual Switch
DMZ Virtualization Using VMware vsphere 4 and the Cisco Nexus 1000V Virtual Switch What You Will Learn A demilitarized zone (DMZ) is a separate network located in the neutral zone between a private (inside)
More informationVirtualization and Cloud Computing
Virtualization and Cloud Computing Security is a Process, not a Product Guillermo Macias CIP Security Auditor, Sr. Virtualization Purpose of Presentation: To inform entities about the importance of assessing
More informationSecurity and Cloud Compunting - Security impacts, best practices and solutions -
Security and Cloud Compunting - Security impacts, best practices and solutions - Andrea Carmignani Senior IT Architect What is Cloud Security It s about business and data behind it The ability to maintain
More informationServervirualisierung mit Citrix XenServer
Servervirualisierung mit Citrix XenServer Paul Murray, Senior Systems Engineer, MSG EMEA Citrix Systems International GmbH paul.murray@eu.citrix.com Virtualization Wave is Just Beginning Only 6% of x86
More informationVMware: Advanced Security
VMware: Advanced Security Course Introduction Course Introduction Chapter 01 - Primer and Reaffirming Our Knowledge Primer and Reaffirming Our Knowledge ESX Networking Components How Virtual Ethernet Adapters
More informationFISMA / NIST 800-53 REVISION 3 COMPLIANCE
Mandated by the Federal Information Security Management Act (FISMA) of 2002, the National Institute of Standards and Technology (NIST) created special publication 800-53 to provide guidelines on security
More informationGE Measurement & Control. Cyber Security for NEI 08-09
GE Measurement & Control Cyber Security for NEI 08-09 Contents Cyber Security for NEI 08-09...3 Cyber Security Solution Support for NEI 08-09...3 1.0 Access Contols...4 2.0 Audit And Accountability...4
More informationFINAL DoIT 04.01.2013- v.8 APPLICATION SECURITY PROCEDURE
Purpose: This procedure identifies what is required to ensure the development of a secure application. Procedure: The five basic areas covered by this document include: Standards for Privacy and Security
More informationVMware vcenter Update Manager Administration Guide
VMware vcenter Update Manager Administration Guide Update 1 vcenter Update Manager 4.0 This document supports the version of each product listed and supports all subsequent versions until the document
More informationMitigating Information Security Risks of Virtualization Technologies
Mitigating Information Security Risks of Virtualization Technologies Toon-Chwee, Wee VMWare (Hong Kong) 2009 VMware Inc. All rights reserved Agenda Virtualization Overview Key Components of Secure Virtualization
More informationTable of Contents. Virtual Server Software Trade Study Architecture Working Group, Systems Administrators Group 2008 08 12, 2008 08 15 Revised
Table of Contents Objective...3 Scope...3 Definitions...3 Initial Criteria...4 Generic...4 Support Services...4 Features...4 Systems Administration...5 Additional Criteria...5 Product Discovery...5 Initial
More informationMedical Device Security Health Imaging Digital Capture. Security Assessment Report for the Kodak DryView 8150 Imager Release 1.0.
Medical Device Security Health Imaging Digital Capture Security Assessment Report for the Kodak DryView 8150 Imager Release 1.0 Page 1 of 9 Table of Contents Table of Contents... 2 Executive Summary...
More information8070.S000 Application Security
8070.S000 Application Security Last Revised: 02/26/15 Final 02/26/15 REVISION CONTROL Document Title: Author: File Reference: Application Security Information Security 8070.S000_Application_Security.docx
More informationVMware vsphere-6.0 Administration Training
VMware vsphere-6.0 Administration Training Course Course Duration : 20 Days Class Duration : 3 hours per day (Including LAB Practical) Classroom Fee = 20,000 INR Online / Fast-Track Fee = 25,000 INR Fast
More informationAltor Virtual Network Security Analyzer v1.0 Installation Guide
Altor Virtual Network Security Analyzer v1.0 Installation Guide The Altor Virtual Network Security Analyzer (VNSA) application is deployed as Virtual Appliance running on VMware ESX servers. A single Altor
More informationNetwork Access Control in Virtual Environments. Technical Note
Contents Security Considerations in.... 3 Addressing Virtualization Security Challenges using NAC and Endpoint Compliance... 3 Visibility and Profiling of VMs.... 4 Identification of Rogue or Unapproved
More informationALTERNATIVES FOR SECURING VIRTUAL NETWORKS
White Paper ALTERNATIVES FOR SECURING VIRTUAL NETWORKS A Different Network Requires a Different Approach Extending Security to the Virtual World Copyright 2013, Juniper Networks, Inc. 1 Table of Contents
More informationCedric Rajendran VMware, Inc. Security Hardening vsphere 5.5
Cedric Rajendran VMware, Inc. Security Hardening vsphere 5.5 Agenda Security Hardening vsphere 5.5 ESXi Architectural Review ESXi Software Packaging The ESXi Firewall ESXi Local User Security Host Logs
More informationLocking down a Hitachi ID Suite server
Locking down a Hitachi ID Suite server 2016 Hitachi ID Systems, Inc. All rights reserved. Organizations deploying Hitachi ID Identity and Access Management Suite need to understand how to secure its runtime
More informationStorage Sync for Hyper-V. Installation Guide for Microsoft Hyper-V
Installation Guide for Microsoft Hyper-V Egnyte Inc. 1890 N. Shoreline Blvd. Mountain View, CA 94043, USA Phone: 877-7EGNYTE (877-734-6983) www.egnyte.com 2013 by Egnyte Inc. All rights reserved. Revised
More informationProtecting the Irreplacable. November 2013 Athens Ian Whiteside, F-Secure Ian.Whiteside@f-secure.com
Protecting the Irreplacable November Athens Ian Whiteside, F-Secure Ian.Whiteside@f-secure.com PC Sales continue to fall. Lack of innovation and no excitement Windows 8 doesn t seem to have excited the
More informationSecuring the Journey to the Private Cloud. Dominique Dessy RSA, the Security Division of EMC
Securing the Journey to the Private Cloud Dominique Dessy RSA, the Security Division of EMC June 2010 Securing the Journey to The Private Cloud The Journey IT Production Business Production IT-As-A-Service
More informationNetworking for Caribbean Development
Networking for Caribbean Development BELIZE NOV 2 NOV 6, 2015 w w w. c a r i b n o g. o r g Virtualization: Architectural Considerations and Implementation Options Virtualization Virtualization is the
More informationWhat is virtualization
Virtualization Concepts Virtualization Virtualization is the process of presenting computing resources in ways that users and applications can easily get value out of them, rather than presenting them
More informationAcronis Backup & Recovery 11.5
Acronis Backup & Recovery 11.5 Update 2 Installation Guide Applies to the following editions: Advanced Server Server for Windows Virtual Edition Server for Linux Advanced Server SBS Edition Workstation
More informationRemote PC Guide Series - Volume 1
Introduction and Planning for Remote PC Implementation with NETLAB+ Document Version: 2016-02-01 What is a remote PC and how does it work with NETLAB+? This educational guide will introduce the concepts
More informationANNEXURE-1 TO THE TENDER ENQUIRY NO.: DPS/AMPU/MIC/1896. Network Security Software Nessus- Technical Details
Sub: Supply, Installation, setup and testing of Tenable Network Security Nessus vulnerability scanner professional version 6 or latest for scanning the LAN, VLAN, VPN and IPs with 3 years License/Subscription
More informationFINAL DoIT 11.03.2015 - v.4 PAYMENT CARD INDUSTRY DATA SECURITY STANDARDS APPLICATION DEVELOPMENT AND MAINTENANCE PROCEDURES
Purpose: The Department of Information Technology (DoIT) is committed to developing secure applications. DoIT s System Development Methodology (SDM) and Application Development requirements ensure that
More informationHow To Make A Virtual Machine Aware Of A Network On A Physical Server
VMready Virtual Machine-Aware Networking White Paper Table of Contents Executive Summary... 2 Current Server Virtualization Environments... 3 Hypervisors... 3 Virtual Switches... 3 Leading Server Virtualization
More informationIndex C, D. Background Intelligent Transfer Service (BITS), 174, 191
Index A Active Directory Restore Mode (DSRM), 12 Application profile, 293 Availability sets configure possible and preferred owners, 282 283 creation, 279 281 guest cluster, 279 physical cluster, 279 virtual
More informationPHD Virtual Backup for Hyper-V
PHD Virtual Backup for Hyper-V version 7.0 Installation & Getting Started Guide Document Release Date: December 18, 2013 www.phdvirtual.com PHDVB v7 for Hyper-V Legal Notices PHD Virtual Backup for Hyper-V
More informationHost Hardening. Presented by. Douglas Couch & Nathan Heck Security Analysts for ITaP 1
Host Hardening Presented by Douglas Couch & Nathan Heck Security Analysts for ITaP 1 Background National Institute of Standards and Technology Draft Guide to General Server Security SP800-123 Server A
More informationInstall Guide for JunosV Wireless LAN Controller
The next-generation Juniper Networks JunosV Wireless LAN Controller is a virtual controller using a cloud-based architecture with physical access points. The current functionality of a physical controller
More informationMedical Device Security Health Imaging Digital Capture. Security Assessment Report for the Kodak Capture Link Server V1.00
Medical Device Security Health Imaging Digital Capture Security Assessment Report for the Kodak Capture Link Server V1.00 Version 1.0 Eastman Kodak Company, Health Imaging Group Page 1 Table of Contents
More informationThick Client Application Security
Thick Client Application Security Arindam Mandal (arindam.mandal@paladion.net) (http://www.paladion.net) January 2005 This paper discusses the critical vulnerabilities and corresponding risks in a two
More informationQuick Start Guide for VMware and Windows 7
PROPALMS VDI Version 2.1 Quick Start Guide for VMware and Windows 7 Rev. 1.1 Published: JULY-2011 1999-2011 Propalms Ltd. All rights reserved. The information contained in this document represents the
More informationUnmasking Virtualization Security. Eric A. Hibbard, CISSP, CISA Hitachi Data Systems
Eric A. Hibbard, CISSP, CISA Hitachi Data Systems SNIA Legal Notice The material contained in this tutorial is copyrighted by the SNIA unless otherwise noted. Member companies and individual members may
More informationRed Hat enterprise virtualization 3.0 feature comparison
Red Hat enterprise virtualization 3.0 feature comparison at a glance Red Hat Enterprise is the first fully open source, enterprise ready virtualization platform Compare the functionality of RHEV to VMware
More informationBest Practices for Monitoring Databases on VMware. Dean Richards Senior DBA, Confio Software
Best Practices for Monitoring Databases on VMware Dean Richards Senior DBA, Confio Software 1 Who Am I? 20+ Years in Oracle & SQL Server DBA and Developer Worked for Oracle Consulting Specialize in Performance
More informationSolaris For The Modern Data Center. Taking Advantage of Solaris 11 Features
Solaris For The Modern Data Center Taking Advantage of Solaris 11 Features JANUARY 2013 Contents Introduction... 2 Patching and Maintenance... 2 IPS Packages... 2 Boot Environments... 2 Fast Reboot...
More informationVIRTUALIZATION 101. Brainstorm Conference 2013 PRESENTER INTRODUCTIONS
VIRTUALIZATION 101 Brainstorm Conference 2013 PRESENTER INTRODUCTIONS Timothy Leerhoff Senior Consultant TIES 21+ years experience IT consulting 12+ years consulting in Education experience 1 THE QUESTION
More informationPARALLELS SERVER BARE METAL 5.0 README
PARALLELS SERVER BARE METAL 5.0 README 1999-2011 Parallels Holdings, Ltd. and its affiliates. All rights reserved. This document provides the first-priority information on the Parallels Server Bare Metal
More informationApp Orchestration Setup Checklist
App Orchestration Setup Checklist This checklist is a convenient tool to help you plan and document your App Orchestration deployment. Use this checklist along with the Getting Started with Citrix App
More informationUser Guide for VMware Adapter for SAP LVM VERSION 1.2
User Guide for VMware Adapter for SAP LVM VERSION 1.2 Table of Contents Introduction to VMware Adapter for SAP LVM... 3 Product Description... 3 Executive Summary... 3 Target Audience... 3 Prerequisites...
More informationVMware vcenter Update Manager Administration Guide
VMware vcenter Update Manager Administration Guide vcenter Update Manager 4.0 This document supports the version of each product listed and supports all subsequent versions until the document is replaced
More informationDirections for VMware Ready Testing for Application Software
Directions for VMware Ready Testing for Application Software Introduction To be awarded the VMware ready logo for your product requires a modest amount of engineering work, assuming that the pre-requisites
More informationCyber Security In High-Performance Computing Environment Prakashan Korambath Institute for Digital Research and Education, UCLA July 17, 2014
Cyber Security In High-Performance Computing Environment Prakashan Korambath Institute for Digital Research and Education, UCLA July 17, 2014 Introduction: Cyber attack is an unauthorized access to a computer
More informationVirtually Pwned Pentesting VMware. Claudio Criscione @paradoxengine c.criscione@securenetwork.it
Virtually Pwned Pentesting VMware Claudio Criscione @paradoxengine c.criscione@securenetwork.it /me Claudio Criscione The need for security Breaking virtualization means hacking the underlying layer accessing
More informationRecommended IP Telephony Architecture
Report Number: I332-009R-2006 Recommended IP Telephony Architecture Systems and Network Attack Center (SNAC) Updated: 1 May 2006 Version 1.0 SNAC.Guides@nsa.gov This Page Intentionally Left Blank ii Warnings
More informationBefore we can talk about virtualization security, we need to delineate the differences between the
1 Before we can talk about virtualization security, we need to delineate the differences between the terms virtualization and cloud. Virtualization, at its core, is the ability to emulate hardware via
More informationNetScaler VPX FAQ. Table of Contents
NetScaler VPX FAQ Table of Contents Feature and Functionality Frequently Asked Questions... 2 Pricing and Packaging Frequently Asked Questions... 4 NetScaler VPX Express Frequently Asked Questions... 5
More informationA Survey on Virtual Machine Security
A Survey on Virtual Machine Security Jenni Susan Reuben Helsinki University of Technology jreubens@cc.hut.fi Abstract Virtualization plays a major role in helping the organizations to reduce the operational
More informationMedical Device Security Health Imaging Digital Capture. Security Assessment Report for the Kodak CR V4.1
Medical Device Security Health Imaging Digital Capture Security Assessment Report for the Kodak CR V4.1 Version 1.0 Eastman Kodak Company, Health Imaging Group Page 1 Table of Contents Table of Contents
More informationWindows Operating Systems. Basic Security
Windows Operating Systems Basic Security Objectives Explain Windows Operating System (OS) common configurations Recognize OS related threats Apply major steps in securing the OS Windows Operating System
More informationVirtualization Technologies (ENCS 691K Chapter 3)
Virtualization Technologies (ENCS 691K Chapter 3) Roch Glitho, PhD Associate Professor and Canada Research Chair My URL - http://users.encs.concordia.ca/~glitho/ The Key Technologies on Which Cloud Computing
More informationVirtualization. Dr. Yingwu Zhu
Virtualization Dr. Yingwu Zhu What is virtualization? Virtualization allows one computer to do the job of multiple computers. Virtual environments let one computer host multiple operating systems at the
More informationPenetration Test Report
Penetration Test Report Acme Test Company ACMEIT System 26 th November 2010 Executive Summary Info-Assure Ltd was engaged by Acme Test Company to perform an IT Health Check (ITHC) on the ACMEIT System
More informationComparing Free Virtualization Products
A S P E I T Tr a i n i n g Comparing Free Virtualization Products A WHITE PAPER PREPARED FOR ASPE BY TONY UNGRUHE www.aspe-it.com toll-free: 877-800-5221 Comparing Free Virtualization Products In this
More informationJOB ORIENTED VMWARE TRAINING INSTITUTE IN CHENNAI
JOB ORIENTED VMWARE TRAINING INSTITUTE IN CHENNAI Job oriented VMWARE training is offered by Peridot Systems in Chennai. Training in our institute gives you strong foundation on cloud computing by incrementing
More informationVMware vsphere Design. 2nd Edition
Brochure More information from http://www.researchandmarkets.com/reports/2330623/ VMware vsphere Design. 2nd Edition Description: Achieve the performance, scalability, and ROI your business needs What
More informationRSA Authentication Manager 8.1 Virtual Appliance Getting Started
RSA Authentication Manager 8.1 Virtual Appliance Getting Started Thank you for purchasing RSA Authentication Manager 8.1, the world s leading two-factor authentication solution. This document provides
More informationBackup & Disaster Recovery Appliance User Guide
Built on the Intel Hybrid Cloud Platform Backup & Disaster Recovery Appliance User Guide Order Number: G68664-001 Rev 1.0 June 22, 2012 Contents Registering the BDR Appliance... 4 Step 1: Register the
More informationPCI DSS Virtualization Guidelines. Information Supplement: PCI Data Security Standard (PCI DSS) Version: 2.0 Date: June 2011
Standard: Version: 2.0 Date: June 2011 Author: PCI Data Security Standard (PCI DSS) Virtualization Special Interest Group PCI Security Standards Council Information Supplement: PCI DSS Virtualization Guidelines
More informationGFI White Paper PCI-DSS compliance and GFI Software products
White Paper PCI-DSS compliance and Software products The Payment Card Industry Data Standard () compliance is a set of specific security standards developed by the payment brands* to help promote the adoption
More informationVMware Virtual Infrastucture From the Virtualized to the Automated Data Center
VMware Virtual Infrastucture From the Virtualized to the Automated Data Center Senior System Engineer VMware Inc. ngalante@vmware.com Agenda Vision VMware Enables Datacenter Automation VMware Solutions
More informationEnsure that the server where you install the Primary Server software meets the following requirements: Item Requirements Additional Details
ZENworks 11 SP3 System December 2014 The following sections provide the Novell ZENworks 11 SP3 requirements for hardware and software: Section 1, Primary Server, on page 1 Section 2, Managed Device, on
More informationPatch Management. Module 13. 2012 VMware Inc. All rights reserved
Patch Management Module 13 You Are Here Course Introduction Introduction to Virtualization Creating Virtual Machines VMware vcenter Server Configuring and Managing Virtual Networks Configuring and Managing
More informationWhat is Virtualization and How Do I Audit It? Rick Schnierer and Chris Tennant
What is Virtualization and How Do I Audit It? Rick Schnierer and Chris Tennant Nationwide Insurance Learning Objectives Understand the fundamentals of virtualization and supporting architecture Develop
More informationADC9521: Surviving Regulatory Compliance in the Virtual Infrastructure
ADC9521: Surviving Regulatory Compliance in the Virtual Infrastructure Patrick Daigle, VCP, VMware Operations Team Lead, CGI/ITM John Y. Arrasjid, VCP, Sr. Consulting Architect, VMware Agenda Compliance
More information