Hardening and Hacking vsphere and Private Cloud Everything you need to know about vsphere Security Course Length: 5 days Course Delivery: Traditional Classroom Online Live Course Overview We are well aware that virtualization has been widely implemented, however, there are questions regarding adequate considerations for security threats, known or perceived. It appears that many organizations rest on superior security at the physical layer for a secure virtual layer. This is due in part to an organization that is not aware of the risks associated specifically with the virtual layer or individuals that lack the knowledge to implement adequate security measures. This course changes everything. This course covers all known and many perceived risks, demonstrates how to hack some of those risks and covers the best hardening practices known today. It covers many technologies related to the VMware vcloud Suite so that you know what you can and cannot do with the software as well as what needs to be added to your security posture to ensure a secure private cloud! Why Attend this Course Learn the latest technologies used to secure the vsphere and Private Cloud Infrastructure. The risks to a virtual datacenter are higher than most organizations realize, be prepared to mitigate those risks. Become a leader in the industry by staying on top of the security issues related to the private cloud. We cover the best third party solutions related to virtualization and the private cloud. This course will teach you how to test some of these known risks. Our team of developers have worked in the security field for many years, they pioneered today s designs for a secure virtual infrastructure and wrote the first course on virtual security, they have tried and true best practices throughout this course. 50% of your time will be hands on! You will learn: Latest technologies in securing a virtual and private cloud infrastructure Foundational concepts in virtualization security How to Securely designing your infrastructure for today and tomorrow The best third party security solutions on the market today The latest risks known to the vsphere product How to audit vsphere Details on the vcloud Networking and Security Product Implementation of Endpoint security
The best built in security controls for the vsphere products Why virtualization can make your infrastructure more secure How to Harden the entire infrastructure, not just a few items Audience Security Administrators and Engineers, Pen Testers, Virtualization/Cloud Administrators, and Engineers, System Engineers and Administrators Prerequisites Two Years IT Security Experience, Network+ Certification or Equivalent Knowledge, Two Years Experience with Microsoft or Linux Servers, Basic Virtualization/Cloud Knowledge Course Objectives Chapter 1 Course Introduction Chapter 2 Virtualization and Cloud Overview 1. Overview of Virtualization 2. Overview of Cloud Technologies 3. Design a. Functional Requirements b. Security Implications c. Examples Chapter 3 Developing a vsphere Private Cloud Security Posture 1. CIA Triad 2. Threat Modeling 3. Emerging Threats a. External Threats b. Internal Threats 4. Seven Step Approach to a Desired Security Posture 5. Control Architecture Chapter 4 vsphere Native Controls 1. ESXi Secure Architecture and know risks a. vcpu b. vmemory 2. Virtual Machines Secure Architecture and known risks a. Virtual Machine Hardware b. Virtual Machine Files c. vcenter Features i. Clones Page 2 of 5
ii. Templates iii. Linked Clones iv. Snapshots v. Logging 3. Host and Cluster Native Controls and known risks a. Roles and Permissions b. Resource Pools c. VMKernel Preventative Controls d. vsphere 5.x Preventative Controls e. ESXi File Systems Structure f. Logging g. Lock Down Mode h. SSH Access i. ESXi Firewall 4. vcloud Networking and Security a. Edge b. App Firewall c. VXLAN d. Data Security e. vcloud Ecosystem Framework Chapter 5 vnetwork Native Controls 1. vswitch Native Controls 2. DvSwitch Native Controls 3. How traffic routes 4. Forged Packets 5. VLANs 6. PVLANs 7. vnetwork Risks Chapter 6 vstorage Security 1. Understanding Storage within the Virtual Architecture 2. Native Controls a. Storage Capabilities based on Versions b. Storage I/O Control c. vsphere Storage API s d. All Paths Down and Permanent Device Loss e. Storage Profiles, Clusters and DRS 3. Fiber Channel Security 4. iscsi Security Page 3 of 5
Chapter 7 Third Party Mitigation Solutions 1. Catbird 2. Cisco Adaptive Security Virtual Appliance 3. Firefly Host Juniper Networks Product 4. HyTrust 5. Sophos Endpoint Antivirus Cloud 6. Reflex VMC 7. TrendMicro Deep Security 8. WatchGuard Chapter 8 Assessing and Remediating 1. Assessment Program Objectives 2. Assessment Program Scope 3. Prerequisites and Reliance 4. Assessment Skills Requirement Chapter 9 Hardening the Virtual Machines 2. Making best use of Templates 3. Isolating the VM 4. Managing Resources 5. Advanced Settings 6. Preventing Known Risks 7. Auditing the VM 8. Endpoint Security Chapter 10 Hardening the Host 2. Managing Users 3. DCUI Management 4. Managing Access to Host 5. Firewall Best Practices 6. Advanced Settings 7. vnetwork Hardening 8. vstorage Hardening 9. Managing Certificates Chapter 11 Hardening vcenter 2. Controlling Access 3. Managing Plug Ins a. Converter Page 4 of 5
b. Update Manager c. vcli d. And Others 4. Managing Certificates 5. vcert Manager 6. Using the App Firewall Appendix Additional Products only covered in extended hour s delivery (Bootcamp Format) 1. vcloud Native Controls a. How vcloud functions with vsphere b. Roles and Permissions c. Tenant and Landlord Controls d. vnetwork Controls e. vstorage Controls f. vapp Controls 2. Compliance and vcenter Configuration Manager a. Overview of Compliance b. How Configuration Manager Helps c. Key components d. Free Compliance Checking Tools 3. Additional vcloud Networking Deep Dive a. Edge b. VXLAN c. Data Security To register or for more information call our office (208) 898-9036 or email register@leapfoxlearning.com Page 5 of 5