Table of Contents HOL-PRT-1464

Transcription

1 Table of Contents Lab Overview - - Applying Data Center Security with Symantec & VMware NSX... 2 Lab Guidance... 3 About Symantec Data Center Security: Server... 4 Module 1 - Configure policies, Test Virtual Machine, and NSX Security Group (15 Min)... 5 Introduction... 6 Prepare Test Virtual Machine... 7 Deploy Virtual Machine Threat Protection Policy Create a NSX Security Group Summary Module 2 - Demonstrate Symantec's Virtual Machine Threat Protection and Quarantine Features (45 Min) Introduction Threat Detection and Quarantine Purging Rescanning and Whitelisting Summary Module 3 - Demonstrate Symantec's Virtual Machine Network Security Introspection (30 Min) Introduction Create New NSX Security Policy with Network Introspection Services...65 Simulate Inbound Network Threat in Log Only Mode Simulate Inbound Network Threat and Block It Summary Summary Review of DCS and NSX Conclusion Interested in our solution? Page 1

2 Lab Overview - HOL- PRT Applying Data Center Security with Symantec & VMware NSX Page 2

3 Lab Guidance With Software Defined Data Centers (SDDC), there is even more demand for application to be made available at the speed of business, leading to automation in orchestration and deployment. This has enabled IT organizations to be agile and lower their time to market. However, we continue to see security as a bottleneck. Symantec Data Center Security: Server removes this bottleneck by lowering the security tax by providing frictionless threatprotection with the best in class AV scan engine from Symantec. It leverages VMware NSX Service Composer to automate and orchestrate security policies mapped to security groups. It follows the best practices of VMware NSX to deliver agentless malware and network intrusion prevention (NIPS) for workloads on Software Defined Data Centers. The lab contains the following modules: Module 1 - Configure Policies, Test Virtual Machine and NSX Security Group (15 Min) Module 2 - Demonstrate Symantec's Virtual Machine Threat Protection and Quarantine Features (40 Min) Module 3 - Demonstrate Symantec's Virtual Machine Network Security Introspection (30 Min) You have 90 minutes to complete all the modules above. Lab Captains: Daniel Lopez, Amit Chakrabarty Page 3

4 About Symantec Data Center Security: Server Symantec Data Center Security protects and secures enterprise data center by a rich set of security controls for both physical and virtual server environment. Symantec Data Center Security: Server delivers agentless malware protection for VMware infrastructures via a security virtual appliance, and enables security policy orchestration and automated workflows for the software-defined data center (SDDC). Symantec Data Center Security: Server Advanced extends Symantec Data Center Security: Server by incorporating technologies previously known as Critical System Protection. Server Advanced provides granular, policy-based controls via a low impact in-guest agent to monitor and protect heterogeneous physical and virtual server environments. Page 4

5 Module 1 - Configure policies, Test Virtual Machine, and NSX Security Group (15 Min) Page 5

6 Introduction In this section you will do the prep work that is required for the future modules. As part of this you will: Prepare the Test Guest Virtual Machine with Eicar threat test files. Access Symantec Data Center: Server management console to create threat protection policies and publish them to VMware NSX. Use VMware NSX Service Composer to create security groups and add virtual machines to this group. Page 6

7 Prepare Test Virtual Machine To begin these steps, make sure you are in the Controlcenter VM. Access the Test Virtual Machine via RDP Double-click on the "TestGvm.RDP" shortcut on the Desktop. Unzip the Eicar text file Double-click on the eicar.zip on the Desktop. Notice that inside this zip file there is a text file called "eicar.txt". Eicar files are used to test threat protection engines. While real malware could do damage, this test file allows you to test anti-virus software without having to use a real virus file. Eicar files are indentified as verified virus file. For this module, the Eicar file will be used to test the threat protection features of Symantec Data Center Security:Server scan engine. This file will be copied to several locations in the next steps. Leave the window up. Page 7

8 Create first demo folder Open another Window Explorer window. Go to the C:\ drive and create a folder called "TP_Demo1". Add Eicar text file to first demo folder Drag and drop the eicar.txt inside the archive to the "TP_Demo1" folder. Create second demo folder Go back to the C:\ drive and create another folder called "TP_Demo2". Page 8

9 Add Eicar text file to second demo folder Drag and drop the eicar.txt inside the archive to the "TP_Demo2" folder. Clean up all of the remaining Eicar files There are several other locations where the Eicar test file(s) are located. Removing these files will allow for fewer false positives. Delete EICAR zip file from Desktop Right-click on the eicar.zip on the Desktop and select Delete. Close all folder and files To prevent the On-Access Scan on test files close all opened folders and files. Minimize the Test Virtual Machine RDP session The preparation for the Test Virtual Machine is now completed. Minimize the TestGvm RDP session. Page 9

10 Deploy Virtual Machine Threat Protection Policy To begin these steps return to the Controlcenter VM. Access the Symantec Data Center Security: Server Management Server Double-click on the "Symantec DCS.RDP" shortcut on the Desktop of the Controlcenter. Symantec Data Center Security: Server Management Console Click on the "Management Console" shortcut on the Desktop of the Symantec DCS RDP session. Page 10

11 Log into the Management Console Credentials to access the Management Console are: User name: symadmin Password: VMware1! Click on the "Log On" button Access the Virtual Machine Threat Protection policies Go to Policies > Virtual Machine Threat Protection. Page 11

12 Access the Symantec default policies workspace folder Click on Policies > Workspace > Symantec folder on the the left panel. Edit the existing Virtual Machine Threat Protection Policy Right-click on the "Virtual Machine Threat Protection Policy" and select "Edit". Page 12

13 Disable the Rescan policy option On the Policy's General Settings, uncheck the box next to "Rescan Quarantine files when On-Demand scans runs" option. This feature will be enabled in a later step. Page 13

14 Verify proper Network Security Settings Verify that the checkbox next to "Block connection when threats are found..." option is unchecked. Notice that this setting will allow the policy to only log threats. In a later module this feature will be enabled to test Symantec's Network Threat Protection Services. Save Policy Settings Click the "OK" button to save policy settings. Page 14

15 Submit policy changes 1. Type "1" as the new Revision number 2. Click on the "submit" button to finalize and submit policy changes Publish Policy Right-Click on the "Virtual Machine Threat Protection Policy" and select "Publish Policy". Page 15

16 Accept Threat Protection Policy overwrite warning A pop-up informing you that the new changes to the policy will overwrite the existing published policy will appear. Click the "Ok" button. The same policy will be used throughout the lab so overwriting the policy is part of the normal process. Accept Threat Protection policy published successfully pop-up After allowing the policy to be overwritten you will receive a pop-up informing you that the Threat Protection Policy was successfully published. Click on the "Ok" button to confirm. You will now see a green dot next to the "Virtual Machine Threat Protection Policy" reaffirming the action. Minimize the Symantec DCS RDP session The configuration changes and deployment of the Threat Protection Policy are now completed. Minimize the Symantec DCS RDP session. Page 16

17 Create a NSX Security Group In this section you will : Create a security group that will contain the Test virtual machine. This NSX security group will be used for the upcoming modules. To begin this step, make sure that you are in the Controlcenter VM. Acces Google Chrome Web Browser On the ControlCenter VM, click on the Mozilla Firefox web browser shortcut on the Desktop. Feel free to select another browser if desired. Access the vsphere Web Client homepage Click on the Firefox shortcut displayed above. Page 17

18 Login to the vsphere Web Client Home Page Use the following credentials... User name: root Password: VMware1! Do not use Windows session authentication. Access the Networking & Security panel (NSX) On the vsphere Web Client home page select the "Networking & Security" tab to access the VMware NSX appliance settings. Page 18

19 Access the Service Composer On the "Networking & Security" home page select the "Service Composer" tab. Access the Security Groups tab Click on the "Security Groups" tab. Create a new Security Group Click on the "New Security Group" icon. Page 19

20 Name the Security Group Name the security group "Symantec Protected Group". There is no need to add a description. Add Test Virtual Machine to new Security Group 1. Select the third option, "Select objects to include". 2. Scroll through the tabs until you find "Virtual Machine" and click on it. 3. Select the Test Virtual Machine (Win7-DCS-TestGvm) 4. Click the "Finish" button. Page 20

21 Summary In this module you learnt how to : Create policy with Symantec Data Center Security Create NSX security policy and NSX security groups Map policy with security groups You also learnt the powerful concept of micro-segmentation of VMware NSX by using security groups. This features enables you to orchestrate and automate management of security policies in large scale deployments. This is leveraged by Symantec to bring best of the breed products to market by integrating directly with VMware NSX. Page 21

22 Module 2 - Demonstrate Symantec's Virtual Machine Threat Protection and Quarantine Features (45 Min) Page 22

23 Introduction In this module you will learn how to: Create security policies using VMware NSX Service Composer Add an endpoint service for malware threat protection Use VMware NSX Service Composer to consume a policy created by Symantec Data Center Security:Server Map this policy to a security group that is used to protect a Guest Virtual Machine (GVM) Use Symantec Data Center Security:Server management console to verify the GVM that is monitored and protected Evaluate the flexibility of Data Center Security:Server by creating a targeted scans Review quarantined files and their event descriptions Page 23

24 Threat Detection and Quarantine To begin this module access the vsphere Web Client and go to the "Networking & Security" home page. Access the Service Composer On the "Networking & Security" home page select the "Service Composer" tab. Access the Security Policies tab Click on the "Security Policies" tab. Page 24

25 Create new Security Policy Click on the "Create Security Policy" icon. Name the Security Policy Name the Security Policy "DCS AV Security Policy". Leave all the defaults. Click on the "Next" button. Page 25

26 Add an Endpoint Service Click on the "Add endpoint service" icon. Page 26

27 Provide appropriate entries and selections for new Endpoint Service 1. Name: "DCS AV Policy" 2. Action: "Apply" 3. Service Type: "Anti Virus" 4. Service Name: "Symantec DataCenter Security for VMware NSX 5. Service Configuration: "Virtual Machine Threat Protection Policy" 6. State: "Enabled" 7. Enforce: "Yes" 8. Click the "OK" button Page 27

28 Complete the new Security Policy Click on the "Finish" Button to complete the policy. Page 28

29 Apply new Security Policy to existing Security Group Right-click on the new "DCS AV Security Policy" and select "Apply Policy". Page 29

30 Select the Security Group to which Security Policy will be apply to From the resulting pop-up check the security group "Symantec Protected Group" and click on the "OK" button. Page 30

31 Check Security Groups in the Symantec Data Center Security: Server Management Console 1. Go back to your Symantec DCS RDP session by maximizing the Window 2. Go to Assets > Virtual Machine Threat Protection > Guest VM View > Security Groups 3. Click "Refresh" 4. Once the refresh completes the "Symantec Protected Group" should appear in the list of Security Groups Page 31

32 Verify that Test Virtual Machine is protected Double-click on the "Symantec Protected Group" to check if the Test Virtual Machine is under the Protected Guest VMs. If the Test Virtual Machine is not in the "Protected Guest VMs" tab click on the Refresh button a few more times (NSX will eventually trickle a message to the Symantec Data Center Security: Server). Page 32

33 Activate a scan on the Test Virtual Machine Right-click on the Test Virtual Machine "Win7-DCS-TestGvm" and select "Scan Now". Page 33

34 Select scan type option In the resulting pop-up, select "Scan Targeted Paths". Page 34

35 Add File Path Click on the "Add" button and enter the file path "C:\TP_Demo1\eicar.txt". Click on the "OK" button. Start Scan Click on the "Scan Now" to trigger the threat protection scan. Click "Ok" on the Success pop-up. Page 35

36 Verify path on Test Virtual Machine to see if EICAR test was detected Return to the TestGvm RDP session (Test Virtual Machine), go to C:\TP_Demo1 and verify the eicar.txt file is missing. Page 36

37 Find the quarantined file Go to "C:\VirtualAgent\Quarantine" and verify a file exists. This is the quarantined Eicar test file. Note: Several other files could be present in this folder. Make sure you check the modified date of the file(s) present. The name of the file in this quarantine folder will also differ. Verify data inside quarantine file is obfuscated Open this file in notepad. Verify the data is obfuscated (i.e. Eicar string is not readable). Page 37

38 Verify that "Endpoint malware threat detected" event exists in the Symantec Data Center Security: Server Management Console 1. Minimize the current TestGvm RDP session and return back to the Symantec DCS RDP session 2. Go to Monitors > Events tab and then choose Virtual Machine Threat Protection Events from the Monitor Types 3. Refresh and verify an "Endpoint malware threat detected" event exists. Page 38

39 Check "Endpoint malware threat detected" event details Double-click on the "Endpoint malware threat detected" event. Verify you see the infected file is "C:\TP_Demo1\eicar.txt". Page 39

40 Purging In the previous section an Eicar.txt file was quarantined. In this section, you will see how Data Center Security: Server can be configured to purge quarantined files after a specific time. Confirm purge quarantine files time interval Per the "Virtual Machine Threat Protection Policy", the quarantine file feature was enabled and the default for purging quarantine files was left to purge files older than 30 days. In the next set of steps the Test Virtual Machine's time and date will be modified to make sure that the quarantined file (C:\TP_Demo1\eicar.txt) is successfully purged from the system after the set time interval. Page 40

41 Note the date on the Test Virtual Machine Open the date/time pop-up on the bottom right of the screen. Note the date (i.e. July 16, 2014). Advance date on Test Virtual Machine 30 days forward 1. Click on the start menu and type "PowerShell" 2. Right-click on the "Windows PowerShell" result and select "Run as administrator" 3. Run the following command in PowerShell: Set-Date -Date (Get-Date).AddDays(30) Page 41

42 Verify files are purged from the Quarantine folder Note that the date moved forward 30 days (i.e. August 15, 2014). Within 2 minutes, the files in the quarantine folder will be purged/deleted per the configuration on the "Virtual Machine Threat Protection Policy". If the file doesn't disappear right-click anywhere in the window and select on "Refresh". Page 42

43 Reset time on the Test Virtual Machine Run the following command in PowerShell: Set-Date -Date (Get-Date).AddDays(-30) Confirm that machine is back to original date (i.e. July 16, 2014). Page 43

44 Rescanning and Whitelisting The rescan option in the Threat Protection Policy s Quarantine settings rescans the quarantined files when On-Demand Scans are run. Quarantined files are released/ restored to the original locations if they are no longer classified as threats. This classification is based on new definitions or if they are exclusively whitelisted in the Scan Settings of the Security Virtual Appliance configuration base policy (SVA_Config_Base_Policy). In this section you will Rescanning after Whitelisting the Eicar test file. Activate a second scan on the Test Virtual Machine 1. Go back to your Symantec DCS RDP session by maximizing the Window 2. Go to Assets > Virtual Machine Threat Protection > Guest VM View > Security Groups > Symantec Protected Group 3. Right-click on the Test Virtual Machine "Win7-DCS-TestGvm" and select "Scan Now" Page 44

45 Select scan type option In the resulting pop-up, select "Scan Targeted Paths". Page 45

46 Add File Path 1. Click on the "Add" button 2. Enter the path "C:\TP_Demo2\eicar.txt" 3. Click on the "OK" button. Start Scan Click on the "Scan Now" to trigger the threat protection scan. Click "Ok" on the success pop-up. Page 46

47 Verify path on Test Virtual Machine to see if Eicar test was detected Return to the TestGvm RDP session (Test Virtual Machine), go to C:\TP_Demo2 and verify the eicar.txt file is missing. Page 47

48 Verify Eicar test file is in quarantine folder Go to "C:\VirtualAgent\Quarantine" and verify the the eicar.txt quarantined file exists. Once you confirm a quarantine file exist go ahead and close all Windows Explorer Window(s). Page 48

49 Edit Virtual Machine Threat Protection Policy 1. Return to your Symantec DCS RDP session 2. Go to Policies > Virtual Machine Threat Protection > Workspace > Symantec folder 3. Right-click on the "Virtual Machine Threat Protection Policy" and select "Edit" Page 49

50 Enable Rescan in the Virtual Machine Threat Protection Policy Check the Rescan quarantined files... option and click the "Ok" button. Page 50

51 Edit policy revision number In the resulting "submit changes" pop-up, edit Revision number from 2 to 1. (This avoids steps to reconfigure Security Policy on the vsphere Web Client) Publish Virtual Machine Threat Protection Policy Right-Click on the "Virtual Machine Threat Protection Policy" and select "Publish Policy". Click OK when asked to over-write existing policy. A second pop-up will appear stating that the policy won't take effect until you apply to a Security Group. Click OK to finalize action. Page 51

52 Find latest "Endpoint malware threat detected" event 1. Go to Monitors > Events > Monitor Types > Virtual Machine Threat Protection Events 2. Notice the latest "Endpoint malware threat detected" event. Double-click on the event to see event details Page 52

53 Copy the Eicar test file hash 1. Copy the file hash value by double-clicking on it to highlight it and using keyboard shortcut CTRL + c 2. Close the event detail window Page 53

54 Edit Security Virtual Appliance Configuration Base Policy 1. Go back to Policies > Virtual Threat Machine Protection > Workspace > Symantec folder 2. Right-click on the "SVA_Config_Base_Policy" and select "Edit" Page 54

55 Whitelist the Eicar test file 1. Go to the "Scan Settings" tab 2. Click on "Edit[+]" to see the list of whitelisted files 3. Click on the "Add" button 4. In "SHA-256 Digest" field, paste the file has copied using the keyboard shortcut CTRL + v 5. In the "Description" field, type "EICAR Test Demo File" 6. Click "OK" to enter the new entry into the list 7. Click on the "OK" button on the policy to save the change 8. Click on the "Submit" button to submit changes (Note: no need to modify Revision number here) Page 55

56 Page 56

57 Publish Security Virtual Appliance Configuration Base Policy Right-click on the "SVA_Config_Based_Policy" and select "Publish". Click OK on the success pop-up. Page 57

58 Activate a third scan on the Test Virtual Machine 1. Go to back to Assets > Virtual Machine Threat Protection > Guest VM View > Security Groups > Symantec Protected Group 2. Click on the "Refresh" Button 3. Right-click on the Test Virtual Machine "Win7-DCS-TestGvm" and select "Scan Now" Page 58

59 Select scan type option In the resulting pop-up, select "Scan Targeted Paths". Page 59

60 Add File Path 1. Click on the "Add" button 2. Enter the path "C:\TP_Demo2\eicar.txt" 3. Click on the "OK" button. Start Scan Click on the "Scan Now" to trigger the threat protection scan. Click "Ok" on the success pop-up. Page 60

61 Verified Whitelisted file was restored 1. Go back to the TestGvm (Test Virtual Machine) RDP session 2. Make sure that the eicar.txt test file in C:\TP_Demo2 was restored 3. The Quarantine folder in C:\VirtuaAgent\Quarantine should be empty Page 61

62 Summary In this module you learned how to: Create security policies on NSX Service Composer and map it to a malware threat protection policy provided Symantec's Security Virtual Appliance (SVA) Apply threat protection policy to a NSX Security Group Verify the assets under Security Groups are monitored by Symantec policy on Symantec Data Center Security: Server management console Run a scan on target Guest Virtual Machine on demand Test threat protection by simulating a virus infection (using Eicar threat test file) Page 62

63 Module 3 - Demonstrate Symantec's Virtual Machine Network Security Introspection (30 Min) Page 63

64 Introduction This module discusses: How to create a network introspection policy on VMware NSX Mapping network introspection policy policy to Symantec Data Center Security policy Apply this policy to a Security Group which has Guest Virtual Machines that needs to be protected. Simulate and initiated a network threat by conducting a SQL injection attack. Prove how the threat can just be log or logged and blocked at the same time. Page 64

65 Create New NSX Security Policy with Network Introspection Services To begin this module access the vsphere Web Client and go to the "Network and Security" home page. Access the Service Composer On the "Network and Security" home page select the "Service Composer" tab. Access the Security Policies tab Click on the "Security Policies" tab. Page 65

66 Create new Security Policy Click on the "Create Security Policy" icon. Name the new Security Policy Name the Security Policy "DCS Network Threat Protection". Page 66

67 Add a new Network Introspection Service option 1. Click on the 4th option on the left side panel named "Network Introspection Services" 2. Click on the green plus (+) icon to add a new Network Introspection Service Page 67

68 Provide appropriate entries and selections for new Network Introspection Service 1. Name: "DCS Network Threat" 2. Service Name: "Symantec DataCenter Security Service for VMware NSX" 3. Profile: "Virtual Machine Threat Protection Policy profile" 4. Source: Click on "Change...", on the source pop-up select "Any" 5. Destination: Leave as "Policy's Security Groups" 6. Click the "OK" button The "Source" and "Destination" selection will apply to Incoming traffic from "Any" to the security group where this policy gets applied. Leave the remaining default settings. Page 68

69 Page 69

70 Finalize changes to the existing Security Policy Click on the "Finish" Button to save and finalize the new "DCS Network Threat" security policy. Page 70

71 Apply new Security Policy to existing Security Group Right-click on the new "DCS Network Threat Protection" and select "Apply Policy". Page 71

72 Select the Security Group to which Security Policy will be apply to From the resulting pop-up check the security group "Symantec Protected Group" and click on the "OK" button. Page 72

73 Simulate Inbound Network Threat in Log Only Mode In this section you will perform the simulation of a network threat, specifically a SQL Injection, to an SQL web front end. The test virtual Machine (TestGvm) is hosting an implementation of PHP for Windows running on an Internet Information Services (IIS) server. The victim website hosted in the Test Virtual machine contains a table with dummy personal identifiable information (PII). A URL with a crafted SQL injection query will be used to test whether the attack is allowed or denied. In this step, the SQL injection simulation will be succesful since the Virtual Machine Threat Detection Policy is set to log only mode. Refresher of Network Security Settings in Virtual Machine Threat Protection policy In an earlier step it was verified that the "Block connection when threats are found (Threats will only be logged when left unchecked)" option was unchecked. There is no need to modify the "Virtual Machine Threat Protection Policy" for this step since the policy is already modified to only log when the threat is found. Type the URL with a crafted SQL injection query and explore results From the Controlcenter access the Mozilla Firefox web browser Click on the "SQL Injection Test" bookmark in the bookmarks bar or type the URL directly: Page 73

74 Notice how the URL is structured and the results you get in the web browser. The PII data is now exposed. Page 74

75 Verify that "Guest network threat detected" event exist in the Symantec Data Center Security: Server Management Console 1. Return back to the Symantec DCS RDP session 2. Go to Monitors> Events tab > Monitor Types > Virtual Machine Threat Protection Events 3. Refresh and verify a Guest network threat detected event exists. Page 75

76 Check "Guest network threat detected" event details The remediation status is Guest network threat logged since the Virtual Machine Threat Protection Policy is configured to only log when the threat is found. Some of the information logged in the event include: threat name, source and destination IP address and port of the network traffic, among others. Page 76

77 Simulate Inbound Network Threat and Block It In this step the network threat (SQL injection) will be activated one more time. This time the SQL injection simulation will fail as we will make changes on the Virtual Machine Threat Protection Policy to prevent the attack from occurring. Access the Virtual Machine Threat Protection policies Go to Policies > Virtual Machine Threat Protection. Access the Symantec default policies workspace folder Click on Policies > Workspace > Symantec folder on the the left panel. Page 77

78 Edit the Virtual Machine Threat Protection Policy Right-click on the "Virtual Machine Threat Protection Policy" and select "Edit". Page 78

79 Modify Network Security Settings to enable the blockage of threats 1. Check the box next to "Block connection when threats are found..." option. 2. Click on the "Ok" button Submit policy changes 1. Type "1" as the new Revision number 2. Click on the "submit" button to finalize and submit policy changes. Page 79

80 Publish Policy Right-Click on the "Virtual Machine Threat Protection Policy" and select "Publish Policy". Accept Threat Protection policy overwrite warning A pop-up informing you that the new changes to the policy will overwrite the existing publish policy will appear. Click the "Ok" button. Page 80

81 Accept Threat Protection Policy published successfully pop-up After allowing the policy to be overwritten you will receive a pop-up informing you that the Threat Protection was successfully published. Click on the "Ok" button to confirm. You will now see a green dot next to the "Virtual Machine Threat Protection Policy" reaffirming the action. Type the URL with a crafted SQL injection query and explore results From the Controlcenter access the Firefox web browser Click on the "SQL Injection Test" bookmark in the bookmarks bar or type the URL directly: Notice how the URL is now blocked. The Virtual Machine Threat Protection Policy is now actively blocking network threats. Page 81

82 Verify that "Guest network threat detected" event exist in the Symantec Data Center Security: Server Management Console 1. Return back to the Symantec DCS RDP session 2. Go to Monitors> Events tab > Monitor Types > Virtual Machine Threat Protection Events 3. Refresh and verify a Guest network threat detected event exists. Page 82

83 Check "Guest network threat detected" event details The remediation status this time is Guest network threat blocked since the Virtual Machine Threat Protection Policy is configured to block the connection when threat is found. Page 83

84 Summary Micro-segmentation feature of VMware NSX gives access to the L2 level traffic flowing through Guest Virtual Machine. In this module you learned, how these data packets can be inspected to detect and block possible network based threats like SQL Injection. We call this feature Guest Network Threat Protection (GNTP). This module covered: How to create a network introspection policy on VMware NSX Map this policy to Symantec Data Center Security policy Apply this policy to a Security Group which has Guest Virtual Machines that needs to be protected. Simulated and initiated a network threat by conducting a SQL injection attack. Proved how the threat can just be log or logged and blocked at the same time. Page 84

85 Summary Review of DCS and NSX Page 85

86 Conclusion This concludes - "Applying Data Center Security with Symantec & VMware NSX". We hope you have enjoyed taking this lab. Symantec Data Center Security:Server delivers advanced secruity services on VMware NSX by integrating into the hypervisor. This integration makes management and consumption of security policies part of integrated NSX workflow. As a result of this native integration, Symantec security appliance will work seamlessly across other NSX integration like vcac from VMware. For mor information and or if are interested to learn more about Symantec Data Center, please contact - amit_chakrabarty@symantec.com. Symantec Data Center Security: Server delivers agentless malware threat protection and network intrusion prevention services for VMware infrastructures via a security virtual appliance, and enables security policy orchestration and automated workflows for the software-defined data center (SDDC). Symantec Data Center Security: Server Advanced extends Symantec Data Center Security: Server by incorporating agented-based technologies previously known as Critical System Protection. Server Advanced provides granular, policy-based controls via a low impact in-guest agent to monitor and protect heterogeneous physical and virtual server environments. Page 86

87 Interested in our solution? Scan the QRcode with your smartphone or tablet for more information Interested in Symantec Data Center Security: Server/Server Advanced?.. For more information about our solution please scan the QRcode with your smartphone or tablet or enter the URL Page 87

88 Conclusion Thank you for participating in the VMware Hands-on Labs. Be sure to visit to continue your lab experience online. Lab SKU: Version: Page 88