Ronny L. Bull & Dr. Jeanna Matthews. DerbyCon 4.0. Sept 27th, 2014
|
|
- Elijah Blankenship
- 6 years ago
- Views:
Transcription
1 Layer 2 Network Security in Virtualized Environments Ronny L. Bull & Dr. Jeanna Matthews DerbyCon 4.0 Sept 27th, 2014
2 The Researchers Ronny Bull Computer Science Ph.D. Graduate Student at Clarkson University Lecturer for the Dept. of Computer Science at SUNY Poly Software Engineer at Exelis Inc. Owner of Adirondack IT Solutions, LLC Dr. Jeanna Matthews Associate Professor for the Dept. of Computer Science at Clarkson University
3 Presentation Outline Abstract Virtualization Overview Multi-Tenancy Virtual Networking Bridges Switches Layer 2 Network Attacks Demo Results Discussion
4 Abstract Cloud Services Offer customers virtual server hosting in multi-tenant environments Virtual machines are typically all connected to a single virtual networking device within the host Host systems may utilize a virtual bridge or more robust virtual switch for inter-networking virtual machines Software emulated version of physical devices
5 The Question Since all client virtual machines are essentially connected to a virtual version of a physical networking device, do Layer 2 network attacks that typically work on physical devices apply to their virtualized counterparts? Important question to explore: All cloud services that rely on virtualized environments could be vulnerable This includes data centers hosting mission critical or sensitive data!
6 Coke vs Pepsi What if they hosted their data services at the same provider?
7 Coke vs Pepsi What if their virtual servers were co-located on the same host?
8 Coke vs Pepsi What if there was a fairly easy way for one to gain a competitive edge?
9 Presentation Outline Abstract Virtualization Overview Multi-Tenancy Virtual Networking Bridges Switches Layer 2 Network Attacks Demo Results Discussion
10 Virtualization Overview
11 Virtualization Overview
12 Centralized Virtualization
13 Decentralized Virtualization
14 Presentation Outline Abstract Virtualization Overview Multi-Tenancy Virtual Networking Bridges Switches Layer 2 Network Attacks Demo Results Discussion
15 Multi-Tenancy Cloud service providers maximize resources Place multiple client VMs on same physical host Share CPU, Memory, Networking, & Storage resources Heterogeneous environments (OS, Services) Client access to VMs varies Some grant full root privileges Installation from scratch by client Pre-canned templates Others restrict setup or build to suit customer needs
16 Multi-Tenancy Service Providers Amazon EC2 Microsoft Azure Google Cloud Services Countless fly by night VPS hosting providers online Brick and mortar data centers serving local clients Similarities Most run some form of Xen (OS Xen, XenServer) Some use VMWare or Hyper-V All share network connectivity between tenants
17 Multi-Tenancy
18 Multi-Tenant Networking
19 Presentation Outline Abstract Virtualization Overview Multi-Tenancy Virtual Networking Bridges Switches Layer 2 Network Attacks Demo Results Discussion
20 Bridging Physical bridges connect two or more segments at Layer 2 Separate collision domains Maintain MAC address forwarding table for each segment Forward requests based upon destination MAC addresses Do not cross bridge if destination is on same segment as source Cross if destination is on a different segment connected to the bridge
21 Bridging
22 Virtual Bridges Simplest form of virtual networking Uses 802.1d Ethernet Bridging Support built into Linux kernel and bridge-utils userspace package Uses virtual TAP interfaces to connect virtual machines to virtual bridge (ie. tap0) User-space Network Tap Simulates a Layer 2 (link layer) network device
23 Virtual Bridging
24 Switching Physical switches operate at Layer 2 or higher Multi-port bridges Separate collision domains CAM Table Content Addressable Memory Similar to bridge forwarding table Dynamic table that maps MAC addresses to ports Allows switches to intelligently send traffic to connected devices Check frame header for destination MAC and forward Finite amount of memory!
25 Ethernet Frame Preamble 8 Dest. Address 6 Source Address 6 Preamble Dest. Address 6 8 Type / Length 2 Data FCS ~ 4 What the switch needs to match against its CAM
26 Switching
27 Virtual Switches Advanced form of virtual networking Can emulate Layer 2 and higher physical devices Virtual machines connect to vswitch via virtual interfaces (ie. vif0) Similar to tap devices Able to provide services such as QoS VLAN traffic separation Performance & traffic monitoring
28 Virtual Switching
29 Virtual Switches Variety of virtual switches available Typically bound to certain environments Open vswitch OS Xen, Citrix XenServer, KVM, Prox-Mox Cisco Nexus 1000V Series VMWare vsphere, MS Hyper-V (add-on) MS Hyper-V Virtual Switch Microsoft Hyper-V All are considered as enterprise level solutions
30 Presentation Outline Abstract Virtualization Overview Multi-Tenancy Virtual Networking Bridges Switches Layer 2 Network Attacks Demo Results Discussion
31 Layer 2 Network Attacks MAC Flooding Flood switch with numerous random MAC addresses to fill the CAM table buffer Forces switch into fail safe mode (a.k.a. Hub mode) All frames forwarded to all connected devices Breaks collision domain separation Works well on most physical switches Can be mitigated by enforcing port security on physical switches Feature only currently available on Cisco Nexus 1000V 'Non-Free' version (VMWare Essentials Plus)
32 Layer 2 Network Attacks VLAN Hopping Frames can be modified to allow traffic to hop VLANs Gain unauthorized access to portions of network Modify VLAN tag to put attacker on target network Requires access to default VLAN or trunk port Can be mitigated by strict VLAN configuration of physical switch ports
33 Layer 2 Network Attacks DHCP Attacks Rogue DHCP server is placed on the network Allows attackers to perform man-in-the-middle attacks Get clients to associate with rogue services DNS TFTP Can create DoS situations Duplicate addressing Can be mitigated by enforcing static addressing
34 Layer 2 Network Attacks ARP Spoofing Broadcast fake Address Resolution Protocol messages to a network Can be used to hijack traffic destined for another host Eavesdropping Man-in-the-middle attacks Also can be used to perform DoS attacks on a server Can be mitigated by using static ARP entries
35 Multi-Tenant Cloud Malicious VM
36 Multi-Tenant Cloud Malicious VM
37 Presentation Outline Abstract Virtualization Overview Multi-Tenancy Virtual Networking Bridges Switches Layer 2 Network Attacks Demo Results Discussion
38 Test Environment A.K.A. SUNY Poly Cloud Security Research Lab
39 Demo MAC Flooding attack on Bridged interface MAC Flooding attack on Virtual Switched interface Gentoo, OS Xen, Linux Kernel Bridging Gentoo, OS Xen, Latest Open vswitch MAC Flooding attack on Virtual Switched interface (enterprise) Citrix XenServer Uses an older implementation of Open vswitch
40 Coke vs Pepsi What if there was a fairly easy way for one to gain a competitive edge?
41 Presentation Outline Abstract Virtualization Overview Multi-Tenancy Virtual Networking Bridges Switches Layer 2 Network Attacks Demo Results Discussion
42 Results (MAC Flooding - Bridged)
43 Results (MAC Flooding OVS 2.0.0)
44 Results (MAC Flooding - Overall) Hypervisor Virtual Switch Vulnerable OS Xen 4.3 Linux 802.1d Bridging No OS Xen 4.3 Open vswitch Yes OS Xen 4.3 Open vswitch Yes Citrix XenServer 6.2 Open vswitch Yes M.S. Server 2008 R2 w/hyperv M.S. Hyper-V Free MS Hyper-V Switch No MS Hyper-V Switch No Vmware vsphere (ESXi) 5.5 Default vswitch N/A
45 Conclusion All Layer 2 vulnerabilities discussed were targeted towards the virtual networking devices not the hypervisors themselves Results show that virtual networking devices CAN be just as vulnerable as their physical counterparts Further research and experimentation is necessary to find out more similarities XenServer and any other solutions utilizing Open vswitch are vulnerable out of the box!
46 Conclusion A single malicious virtual machine has the potential to sniff all traffic passing over a virtual switch This can pass through the virtual switch and affect physically connected devices allowing traffic from other parts of the network to be sniffed as well! Significant threat to the confidentiality, integrity, and availability (CIA) of data passing over a network in a virtualized muli-tenant environment
47 Acknowledgments Special thanks to the following people: My Ph.D. Advisor, Dr. Jeanna Matthews Nick Merante, and his SUNY Poly DogNet student admins My Cloud Security Research Lab assistants: Dylan Long and Dan Spier Chris Urban, SUNY Poly Computer Science Dept. chair SUNY Poly Research Foundation SUNY Poly NCS Club!
48 Presentation Outline Abstract Virtualization Overview Multi-Tenancy Virtual Networking Bridges Switches Layer 2 Network Attacks Demo Results Discussion
VLAN Hopping, ARP Poisoning, and Man-In-TheMiddle Attacks in Virtualized Environments
VLAN Hopping, ARP Poisoning, and Man-In-TheMiddle Attacks in Virtualized Environments Dr. Ronny L. Bull, Ph.D. Utica College Nexus Seminar Series Nov 10th 2017 About Me Ph.D. in Computer Science from Clarkson
More informationCLARKSON UNIVERSITY. A Doctoral Dissertation. Ronny L. Bull. Department of Computer Science. Submitted in partial fulfillment of the requirements
CLARKSON UNIVERSITY A CRITICAL ANALYSIS OF LAYER 2 NETWORK SECURITY IN VIRTUALIZED ENVIRONMENTS A Doctoral Dissertation By Ronny L. Bull Department of Computer Science Submitted in partial fulfillment
More informationCritical Analysis of Layer 2 Network Security in Virtualized Environments. Ronny L. Bull and Jeanna N. Matthews
Critical Analysis of Layer 2 Network Security in Virtualized Environments Ronny L. Bull and Jeanna N. Matthews Wallace H. Coulter School of Engineering, Clarkson University, Potsdam, NY, 13676, USA E-mail:
More informationExample: Configuring DHCP Snooping and DAI to Protect the Switch from ARP Spoofing Attacks
Example: Configuring DHCP Snooping and DAI to Protect the Switch from ARP Spoofing Attacks In an ARP spoofing attack, the attacker associates its own MAC address with the IP address of a network device
More informationInternetwork Expert s CCNA Security Bootcamp. Mitigating Layer 2 Attacks. Layer 2 Mitigation Overview
Internetwork Expert s CCNA Security Bootcamp Mitigating Layer 2 Attacks http:// Layer 2 Mitigation Overview The network is only as secure as its weakest link If layer 2 is compromised, all layers above
More informationCloud Networking (VITMMA02) Server Virtualization Data Center Gear
Cloud Networking (VITMMA02) Server Virtualization Data Center Gear Markosz Maliosz PhD Department of Telecommunications and Media Informatics Faculty of Electrical Engineering and Informatics Budapest
More informationChapter 5. Security Components and Considerations.
Chapter 5. Security Components and Considerations. Technology Brief Virtualization and Cloud Security Virtualization concept is taking major portion in current Data Center environments in order to reduce
More informationManaging and Securing Computer Networks. Guy Leduc. Chapter 7: Securing LANs. Chapter goals: security in practice: Security in the data link layer
Managing and Securing Computer Networks Guy Leduc Chapter 7: Securing LANs Computer Networking: A Top Down Approach, 7 th edition. Jim Kurose, Keith Ross Addison-Wesley, April 2016. (section 8.8) Also
More informationData Center Virtualization: VirtualWire
Data Center Virtualization: VirtualWire Hakim Weatherspoon Assistant Professor, Dept of Computer Science CS 5413: High Performance Systems and Networking November 21, 2014 Slides from USENIX Workshop on
More informationCisco Application Centric Infrastructure and Microsoft SCVMM and Azure Pack
White Paper Cisco Application Centric Infrastructure and Microsoft SCVMM and Azure Pack Introduction Cisco Application Centric Infrastructure (ACI) is a next-generation data center fabric infrastructure
More informationANALYSIS OF VIRTUAL NETWORKS IN DATA CENTERS.
ANALYSIS OF VIRTUAL NETWORKS IN DATA CENTERS. Ionka Gancheva, PhD student 45 Abstract: The article contains an analysis of virtual networks and technologies that are used at data centers nowadays. Many
More informationNetwork+ Guide to Networks 7 th Edition
Network+ Guide to Networks 7 th Edition Chapter 10 Network Segmentation and Virtualization 2016 Cengage Learning. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in
More informationVirtualization Security & Audit. John Tannahill, CA, CISM, CGEIT, CRISC
Virtualization Security & Audit John Tannahill, CA, CISM, CGEIT, CRISC jtannahi@rogers.com Session Overview Virtualization Concepts Virtualization Technologies Key Risk & Control Areas Audit Programs /
More informationCatalyst 1900 Series and Catalyst 2820 Series Enterprise Edition Software Configuration Guide
INDEX A allowed list, VLAN 2-28 to 2-29 ATM 2-5 firmware upgrade B-5 to B-7 LANE trunk connections 1-4 module 2-9, 2-13, 2-23 networks 2-5 trunk 2-4, 2-14 B bridge groups 3-15 bridge number 2-10 Bridge
More informationHypervisors networking: best practices for interconnecting with Cisco switches
Hypervisors networking: best practices for interconnecting with Cisco switches Ramses Smeyers Customer Support Engineer Agenda What is this session about? Networking virtualization concepts Hypervisor
More informationXen and CloudStack. Ewan Mellor. Director, Engineering, Open-source Cloud Platforms Citrix Systems
Xen and CloudStack Ewan Mellor Director, Engineering, Open-source Cloud Platforms Citrix Systems Agenda What is CloudStack? Move to the Apache Foundation CloudStack architecture on Xen The future for CloudStack
More informationExample: Configuring DHCP Snooping, DAI, and MAC Limiting on an EX Series Switch with Access to a DHCP Server Through a Second Switch
Example: Configuring DHCP Snooping, DAI, and MAC Limiting on an EX Series Switch with Access to a DHCP Server Through a Second Switch Requirements You can configure DHCP snooping, dynamic ARP inspection
More informationVirtualization. ...or how adding another layer of abstraction is changing the world. CIS 399: Unix Skills University of Pennsylvania.
Virtualization...or how adding another layer of abstraction is changing the world. CIS 399: Unix Skills University of Pennsylvania April 6, 2009 (CIS 399 Unix) Virtualization April 6, 2009 1 / 22 What
More informationVirtualized Access Layer. Petr Grygárek
Virtualized Access Layer Petr Grygárek Goals Integrate physical network with virtualized access layer switches Hypervisor vswitch Handle logical network connection of multiple (migrating) OS images hosted
More informationCSC 5930/9010 Cloud S & P: Virtualization
CSC 5930/9010 Cloud S & P: Virtualization Professor Henry Carter Fall 2016 Recap Network traffic can be encrypted at different layers depending on application needs TLS: transport layer IPsec: network
More informationA Framework for Optimizing IP over Ethernet Naming System
www.ijcsi.org 72 A Framework for Optimizing IP over Ethernet Naming System Waleed Kh. Alzubaidi 1, Dr. Longzheng Cai 2 and Shaymaa A. Alyawer 3 1 Information Technology Department University of Tun Abdul
More informationDeploy the ExtraHop Discover Appliance with VMware
Deploy the ExtraHop Discover Appliance with VMware Published: 2018-07-17 The ExtraHop virtual appliance can help you to monitor the performance of your applications across internal networks, the public
More informationIPv6 Microsegmentation
IPv6 Microsegmentation Ivan Pepelnjak (ip@ipspace.net) Network Architect ipspace.net AG Who is Ivan Pepelnjak (@ioshints) Past Kernel programmer, network OS and web developer Sysadmin, database admin,
More informationNetwork Security. Thierry Sans
Network Security Thierry Sans HTTP SMTP DNS BGP The Protocol Stack Application TCP UDP Transport IPv4 IPv6 ICMP Network ARP Link Ethernet WiFi The attacker is capable of confidentiality integrity availability
More informationSecurity Gateway Virtual Edition
Security Gateway Virtual Edition R75.20 Administration Guide 4 March 2012 Classification: [Restricted] 2012 Check Point Software Technologies Ltd. All rights reserved. This product and related documentation
More informationBIG-IP Virtual Edition and Cloud-Init. Version 13.0
BIG-IP Virtual Edition and Cloud-Init Version 13.0 Table of Contents Table of Contents About Cloud-Init and BIG-IP VE...5 About Cloud-Init and BIG-IP VE...5 Hypervisors with Cloud-Init support in BIG-IP
More informationSecurity Gateway Virtual Edition
Security Gateway Virtual Edition R71 Release Notes 9 February 2012 Classification: [Restricted] 2012 Check Point Software Technologies Ltd. All rights reserved. This product and related documentation are
More informationNexus 1000V in Context of SDN. Martin Divis, CSE,
Nexus 1000V in Context of SDN Martin Divis, CSE, mdivis@cisco.com Why Cisco Nexus 1000V Losing the Edge Server Admin Host Host Host Host Server Admin manages virtual switching! vswitch vswitch vswitch
More informationOnboarding VMs to Cisco Metacloud
White Paper Onboarding VMs to Cisco Metacloud This white paper will explain the process for exporting existing virtual machines from either VMware vsphere or AWS EC2 into Cisco Metacloud. This process
More informationCisco HyperFlex Systems
White Paper Cisco HyperFlex Systems Install and Manage Cisco HyperFlex Systems in a Cisco ACI Environment Original Update: January 2017 Updated: March 2018 Note: This document contains material and data
More informationThe only open-source type-1 hypervisor
Monika Danikáková What is Xen? The only open-source type-1 hypervisor For Unix and Unix-like OS Linux, NetBSD and OpenSolaris From ancient greek term Xenos (ξένος), guest-friends Developed by the University
More informationReference Architecture. DataStream. Architecting DataStream Network. Document # NA Version 1.03, January
Reference Architecture DataStream Architecting DataStream Network Document # 317-0026NA Version 1.03, January 2016 www.cohodata.com Abstract This document provides an overview of data center networking
More informationDistributed Systems. 31. The Cloud: Infrastructure as a Service Paul Krzyzanowski. Rutgers University. Fall 2013
Distributed Systems 31. The Cloud: Infrastructure as a Service Paul Krzyzanowski Rutgers University Fall 2013 December 12, 2014 2013 Paul Krzyzanowski 1 Motivation for the Cloud Self-service configuration
More informationCCNP Switch Questions/Answers Securing Campus Infrastructure
What statement is true about a local SPAN configuration? A. A port can act as the destination port for all SPAN sessions configured on the switch. B. A port can be configured to act as a source and destination
More informationMcAfee Network Security Platform
Revision B McAfee Network Security Platform (9.2.9.3-9.2.5.34 Manager-NS3500 Release Notes) Contents About this release New Features Resolved issues Installation instructions Known issues Product documentation
More informationSwitched Ethernet Virtual LANs
Switched Ethernet Virtual LANs Computer Networks Lecture 4 http://goo.gl/pze5o8 Switched Ethernet 2 LAN Switches Behave as bridges (operates in the logical tree topology) Switching is implemented by hardware
More informationdouble split driver model
software defining system devices with the BANANA double split driver model Dan WILLIAMS, Hani JAMJOOM IBM Watson Research Center Hakim WEATHERSPOON Cornell University Decoupling gives Flexibility Cloud
More informationCloud Networking From Theory to Practice. Ivan Pepelnjak NIL Data Communications
Cloud Networking From Theory to Practice Ivan Pepelnjak (ip@ioshints.info) NIL Data Communications Who is Ivan Pepelnjak... in 30 Seconds Networking engineer since 1985 (DECnet, Netware, X.25, OSI, IP...)
More informationVMWARE SOLUTIONS AND THE DATACENTER. Fredric Linder
VMWARE SOLUTIONS AND THE DATACENTER Fredric Linder MORE THAN VSPHERE vsphere vcenter Core vcenter Operations Suite vcenter Operations Management Vmware Cloud vcloud Director Chargeback VMware IT Business
More informationMulti-tenancy. Feature Information for Multi-tenancy
Feature Information for, page 1, page 2 Bridge-Domain, page 3 VN-Segment, page 5 Bridge-Domain Interface, page 8 Configuring Multiple Leaf, page 10 Feature Information for Table 1: Feature Information
More informationFeatures. HDX WAN optimization. QoS
May 2013 Citrix CloudBridge Accelerates, controls and optimizes applications to all locations: datacenter, branch offices, public and private clouds and mobile users Citrix CloudBridge provides a unified
More informationEnterprise. Nexus 1000V. L2/L3 Fabric WAN/PE. Customer VRF. MPLS Backbone. Service Provider Data Center-1 Customer VRF WAN/PE OTV OTV.
2 CHAPTER Cisco's Disaster Recovery as a Service (DRaaS) architecture supports virtual data centers that consist of a collection of geographically-dispersed data center locations. Since data centers are
More informationChapter 3 Part 2 Switching and Bridging. Networking CS 3470, Section 1
Chapter 3 Part 2 Switching and Bridging Networking CS 3470, Section 1 Refresher We can use switching technologies to interconnect links to form a large network What is a hub? What is a switch? What is
More informationCisco Virtual Networking Solution for OpenStack
Data Sheet Cisco Virtual Networking Solution for OpenStack Product Overview Extend enterprise-class networking features to OpenStack cloud environments. A reliable virtual network infrastructure that provides
More informationW11 Hyper-V security. Jesper Krogh.
W11 Hyper-V security Jesper Krogh jesper_krogh@dell.com Jesper Krogh Speaker intro Senior Solution architect at Dell Responsible for Microsoft offerings and solutions within Denmark Specialities witin:
More informationSwitching & ARP Week 3
Switching & ARP Week 3 Module : Computer Networks Lecturer: Lucy White lbwhite@wit.ie Office : 324 Many Slides courtesy of Tony Chen 1 Ethernet Using Switches In the last few years, switches have quickly
More informationSWITCH Implementing Cisco IP Switched Networks
Hands-On SWITCH Implementing Cisco IP Switched Networks CCNP Course 2 Course Description Revised CCNP Curriculum and Exams Cisco has redesigned the CCNP courses and exams to reflect the evolving job tasks
More informationBackup Edition Comparison OVERVIEW
Backup 12.5 Edition Comparison Available in and editions, protects data on 21 platforms in on-premises and remote systems, in private and public clouds, and on mobile devices. With active protection from
More informationSecuring Containers Using a PNSC and a Cisco VSG
Securing Containers Using a PNSC and a Cisco VSG This chapter contains the following sections: About Prime Network Service Controllers, page 1 Integrating a VSG into an Application Container, page 4 About
More informationLecture 7: Ethernet Hardware Addressing and Frame Format. Dr. Mohammed Hawa. Electrical Engineering Department, University of Jordan.
Lecture 7: Ethernet Hardware Addressing and Frame Format Dr. Mohammed Hawa Electrical Engineering Department University of Jordan EE426: Communication Networks MAC Addresses The shared medium in a LAN
More informationPrepAwayExam. High-efficient Exam Materials are the best high pass-rate Exam Dumps
PrepAwayExam http://www.prepawayexam.com/ High-efficient Exam Materials are the best high pass-rate Exam Dumps Exam : HP0-Y24 Title : Securing HP ProCurve Networks Vendors : HP Version : DEMO Get Latest
More informationCisco Cloud Services Router 1000V with Cisco IOS XE Software Release 3.13
Q&A Cisco Cloud Services Router 1000V with Cisco IOS XE Software Release 3.13 Q. What is the Cisco Cloud Services Router 1000V? A. The Cisco Cloud Services Router 1000V (CSR 1000V) is a router in virtual
More informationAgenda Introduce NSX-T: Architecture Switching Routing Firewall Disclaimer This presentation may contain product features that are currently under dev
NET1863BE NSX-T Advanced Architecture Concepts Dimitri Desmidt / Yasen Simeonov September 2017 Agenda Introduce NSX-T: Architecture Switching Routing Firewall Disclaimer This presentation may contain product
More informationTrend Micro Incorporated reserves the right to make changes to this document and to the product described herein without notice. Before installing and using the product, please review the readme files,
More informationLAN Interconnection and Other Link Layer Protocols
LAN Interconnection and Other Link Layer Protocols Ethernet dominant link layer technology for local-area networks Ethernet frame structure Kai Shen Dept. of Computer Science, University of Rochester Ethernet
More informationMcAfee Endpoint Security for Servers Product Guide
McAfee Endpoint Security for Servers 5.2.0 Product Guide COPYRIGHT Copyright 2018 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection, epolicy Orchestrator, McAfee epo,
More informationChapter 5 Reading Organizer After completion of this chapter, you should be able to:
Chapter 5 Reading Organizer After completion of this chapter, you should be able to: Describe the operation of the Ethernet sublayers. Identify the major fields of the Ethernet frame. Describe the purpose
More informationChapter 5 C. Virtual machines
Chapter 5 C Virtual machines Virtual Machines Host computer emulates guest operating system and machine resources Improved isolation of multiple guests Avoids security and reliability problems Aids sharing
More informationSupport for Smart NICs. Ian Pratt
Support for Smart NICs Ian Pratt Outline Xen I/O Overview Why network I/O is harder than block Smart NIC taxonomy How Xen can exploit them Enhancing Network device channel NetChannel2 proposal I/O Architecture
More informationHP FlexFabric Virtual Switch 5900v Technology White Paper
HP FlexFabric Virtual Switch 5900v Technology White Paper Part number: 5998-4548 Document version: 6W100-20131220 Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein
More informationNeutron: peeking behind the curtains
Neutron: peeking behind the curtains (that is to say how Neutron builds virtual networks) Salvatore Orlando VMware Twitter: @taturiello IRC: salv-orlando Email: sorlando(at)vmware.com Before we start Make
More informationExample: Configuring IP Source Guard with Other EX Series Switch Features to Mitigate Address-Spoofing Attacks on Untrusted Access Interfaces
Example: Configuring IP Source Guard with Other EX Series Switch Features to Mitigate Address-Spoofing Attacks on Untrusted Access Interfaces Requirements Ethernet LAN switches are vulnerable to attacks
More informationVirtual Scanner Appliance User Guide. March 7, 2018
Virtual Scanner Appliance User Guide March 7, 2018 Copyright 2012-2018 by Qualys, Inc. All Rights Reserved. Qualys and the Qualys logo are registered trademarks of Qualys, Inc. All other trademarks are
More informationMulti-tenancy Virtualization Challenges & Solutions. Daniel J Walsh Mr SELinux, Red Hat Date
Multi-tenancy Virtualization Challenges & Solutions Daniel J Walsh Mr SELinux, Red Hat Date 06.28.12 What is Cloud? What is IaaS? IaaS = Infrastructure-as-a-Service What is PaaS? PaaS = Platform-as-a-Service
More informationInternetwork Expert s CCNP Bootcamp. Hierarchical Campus Network Design Overview
Internetwork Expert s CCNP Bootcamp Hierarchical Campus Network Design Overview http:// Hierarchical Campus Network Design Overview Per Cisco, a three layer hierarchical model to design a modular topology
More informationCCNP SWITCH (22 Hours)
CCNP SWITCH 642-813 (22 Hours) Chapter-1 Enterprise Campus Network Design 1.1 IIN & SONA 1.2 Campus Network 1.3 Enterprise Model 1.4 Nonhierarchical Network Devices Layer-2 Switching, Layer-3 Routing Multilayer
More informationWireless Network Security
Wireless Network Security Why wireless? Wifi, which is short for wireless fi something, allows your computer to connect to the Internet using magic. -Motel 6 commercial 2 but it comes at a price Wireless
More informationImplementing VXLAN in DataCenter
Implementing VXLAN in DataCenter LTRDCT-1223 Lilian Quan Technical Marketing Engineering, INSBU Erum Frahim Technical Leader, ecats John Weston Technical Leader, ecats Why Overlays? Robust Underlay/Fabric
More informationFabric Security (Securing the SAN Infrastructure) Daniel Cohen Solutioneer Brocade Communications Systems, Inc
Fabric Security (Securing the SAN Infrastructure) Daniel Cohen Solutioneer Brocade Communications Systems, Inc Agenda Why Secure a SAN? SAN Security Threats Weaknesses Fabric Security Controls Security
More informationIntroduction to Switched Networks Routing And Switching
Introduction to Switched Networks Routing And Switching 1 Converged Networks Growing Complexity of Networks Our digital world is changing Information must be accessed from anywhere in the world Networks
More informationCloud Essentials for Architects using OpenStack
Cloud Essentials for Architects using OpenStack Course Overview Start Date 5th March 2015 Duration 2 Days Location Dublin Course Code SS15-13 Programme Overview Cloud Computing is gaining increasing attention
More informationKASPERSKY SECURITY FOR VIRTUALIZATION LIGHT AGENT. Quick Deployment Guide.
KASPERSKY SECURITY FOR VIRTUALIZATION LIGHT AGENT www.kaspersky.com CONTENTS About This Guide 4 Notation Used 4 Product Components and Their Interaction 5 General Product Installation Procedure 8 Installing
More informationBuilding Cisco Multilayer Switched Networks (BCMSN)
Building Cisco Multilayer Switched Networks (BCMSN) Table of Contents Module 1 Defining VLANs Implementing Best Practices for VLAN Topologies Describing Issues in a Poorly Designed Network Grouping Business
More informationDesign and Implementation of Virtual TAP for Software-Defined Networks
Design and Implementation of Virtual TAP for Software-Defined Networks - Master Thesis Defense - Seyeon Jeong Supervisor: Prof. James Won-Ki Hong Dept. of CSE, DPNM Lab., POSTECH, Korea jsy0906@postech.ac.kr
More informationAcronis Backup 12.5 License Comparison incl. cloud deployment functionality
DATA SHEET ACRONIS BACKUP LICENSING COMPARISON Acronis Backup 12.5 License Comparison incl. cloud deployment functionality 1 VIRTUAL HOST OFFICE 365 VIRTUAL HOST OFFICE 365 Storage disks, NAS, SAN, Acronis
More informationRelease Notes for Cisco UCS Platform Emulator, Release 3.1(1ePE1)
Release Notes for Cisco UCS Platform Emulator, Release 3.1(1ePE1) First Published: April 12, 2016 Current Release: 3.1(1ePE1) This document describes system requirements, new features, images information,
More informationCloud Networking (VITMMA02) Network Virtualization: Overlay Networks OpenStack Neutron Networking
Cloud Networking (VITMMA02) Network Virtualization: Overlay Networks OpenStack Neutron Networking Markosz Maliosz PhD Department of Telecommunications and Media Informatics Faculty of Electrical Engineering
More informationConfiguring IPv6 First-Hop Security
This chapter describes the IPv6 First-Hop Security features. This chapter includes the following sections: Finding Feature Information, on page 1 Introduction to First-Hop Security, on page 1 RA Guard,
More informationLecture 09: VMs and VCS head in the clouds
Lecture 09: VMs and VCS head in the Hands-on Unix system administration DeCal 2012-10-29 1 / 20 Projects groups of four people submit one form per group with OCF usernames, proposed project ideas, and
More informationPotential threats in tactical networks
Potential threats in tactical networks Szymon KĄCIK, Mateusz MICHALSKI, Krzysztof STRZELCZYK, Krzysztof ZUBEL, Military Communication Institute; Communication Systems Division Zegrze, Poland sz.kacik@wil.waw.pl
More informationCitrix XenServer 7.1 Feature Matrix
Citrix XenServer 7.1 Matrix Citrix XenServer 7.1 Matrix A list of Citrix XenServer 7.1 features by product edition, including XenApp and XenDesktop license entitlements. Comprehensive application and desktop
More informationDeploy the ExtraHop Discover Appliance with VMware
Deploy the ExtraHop Discover Appliance with VMware Published: 2018-09-26 Published: 2018-09-26 The ExtraHop virtual appliance can help you to monitor the performance of your applications across internal
More informationFusionHub. SpeedFusion Virtual Appliance. Installation Guide Version Peplink
FusionHub SpeedFusion Virtual Appliance Installation Guide Version 1.1.0-5 2015 Peplink FusionHub Installation Guide Table of Contents 1. Purpose... 2 2. FusionHub License Generation... 2 3. FusionHub
More informationMcAfee Network Security Platform 8.3
Virtual IPS Administration Guide Revision C McAfee Network Security Platform 8.3 For Private, Public, and Hybrid Clouds COPYRIGHT Copyright 2017 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee
More informationCisco Networking Academy CCNP
Semester 3 v5 -Chapter 8 Cisco Networking Academy CCNP Minimizing Service Loss and Data Theft in a Campus Network Switch security concerns Network security coverage often focuses on edge-routing devices
More informationBackup License Comparison OVERVIEW
Backup 12.5 Comparison Acronis Backup 12.5 is the world s easiest and fastest backup solution, protecting data on 21 platforms, whether data is located on-premises, in remote systems, in private and public
More informationCIT 380: Securing Computer Systems. Network Security Concepts
CIT 380: Securing Computer Systems Network Security Concepts Topics 1. Protocols and Layers 2. Layer 2 Network Concepts 3. MAC Spoofing 4. ARP 5. ARP Spoofing 6. Network Sniffing Protocols A protocol defines
More informationImplementing Cisco IP Switched Networks (SWITCH)
Implementing Cisco IP Switched Networks (SWITCH) COURSE OVERVIEW: Implementing Cisco Switched Networks (SWITCH) v2.0 is a five-day instructor-led training course developed to help students prepare for
More informationVirtual Switches. Yao-Min Chen. Virtual Switches
Virtual Switches Yao-Min Chen Virtual Switches Outline Virtual Networks and Virtual Switches Xen Networking and Bridging XenServer Networking Open vswitch Virtual Switches Virtual Network A virtual network
More informationVirtual Security Gateway Overview
This chapter contains the following sections: Information About the Cisco Virtual Security Gateway, page 1 Cisco Virtual Security Gateway Configuration for the Network, page 10 Feature History for Overview,
More informationBrocade and VMware Strategic Partners. Kyle Creason Brocade Systems Engineer
Brocade and VMware Strategic Partners Kyle Creason Brocade Systems Engineer Brocade Data Center Network Technologies Strategic focus areas FIBRE CHANNEL FABRICS ETHERNET FABRICS CORE ROUTING SDN NFV CLOUD
More informationConfiguring SPAN and RSPAN
34 CHAPTER This chapter describes how to configure the Switched Port Analyzer (SPAN) and Remote SPAN (RSPAN) on the Catalyst 4500 series switches. SPAN selects network traffic for analysis by a network
More informationVersion Installing your 3CX PBX
Version 20160711 Installing your 3CX PBX Goal of this Module Installing 3CX Successfully Prerequisites Concepts of Networks FQDN Certificates Web Based Setup Wizard Pre-req: Operating Systems Windows Operating
More informationComputer Networking. December 2004 CEN CN
Computer Networking CEN CN 1 Layer 2 - Bridge Frame Header Data Bridge Trailer Data Link Layer Physical Layer More complex than repeat, it requires hardware and software Bridges have diminished because
More informationReference Guide Revision B. McAfee Cloud Workload Security 5.0.0
Reference Guide Revision B McAfee Cloud Workload Security 5.0.0 COPYRIGHT Copyright 2018 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection, epolicy Orchestrator, McAfee
More informationMan-In-The-Browser Attacks. Daniel Tomescu
Man-In-The-Browser Attacks Daniel Tomescu 1 About me Work and education: Pentester @ KPMG Romania Moderator @ Romanian Security Team MSc. Eng. @ University Politehnica of Bucharest OSCP, CREST CRT Interests:
More informationDisclaimer This presentation may contain product features that are currently under development. This overview of new technology represents no commitme
NET1416BE NSX Logical Routing Yves Hertoghs Pooja Patel #VMworld #NET1416BE Disclaimer This presentation may contain product features that are currently under development. This overview of new technology
More informationQuantum, network services for Openstack. Salvatore Orlando Openstack Quantum core developer
Quantum, network services for Openstack Salvatore Orlando sorlando@nicira.com Openstack Quantum core developer Twitter- @taturiello Caveats Quantum is in its teenage years: there are lots of things that
More informationCisco UCS Director and ACI Advanced Deployment Lab
Cisco UCS Director and ACI Advanced Deployment Lab Michael Zimmerman, TME Vishal Mehta, TME Agenda Introduction Cisco UCS Director ACI Integration and Key Concepts Cisco UCS Director Application Container
More informationOverlay Virtual Networking Explained. Ivan Pepelnjak NIL Data Communications
Overlay Virtual Networking Explained Ivan Pepelnjak (ip@ipspace.net) NIL Data Communications http://commons.wikimedia.org/wiki/file:telefon_bw_2012-02-18_13-44-32.jpg 2 ipspace.net / NIL Data Communications
More information