IC121-End-to-End Virtual Security Hands-On Lab

Description

Many of us fear zero-day exploits, especially if they could impact our dynamic virtual systems. Learn how you can leverage CCS VSM to quickly lock down your virtual environment as you use CCS VM to identify any impacted systems. Finally, we will show you how you can learn from exploits and then customize security standards in CCS SM and VSM.

At the end of this lab, you should be able to:

- Assess and report on your ESX system using VMware hardening guidelines
- Use CCS VM to assess your virtual environment for vulnerabilities
- Use CCS VSM to lock down your Virtual Environment to protect it against misconfiguration and vulnerabilities
- Generate a CCS Dashboard for Virtual Environment
- Root Password Vaulting

Notes

- A brief presentation will introduce this lab session and discuss key concepts.
- The lab will be directed and provide you with step-by-step walkthroughs of key features.
- Feel free to follow the lab using the instructions on the following pages. You can optionally perform this lab at your own pace.
- Be sure to ask your instructor any questions you may have.
- Thank you for coming to our lab session.

Exercise 1: Show Evaluation results with same issue as found in CCS VM

CCS provides the ability to assess your virtual environments using best practices based on VMware hardening guidelines for ESX.

1. From the Desktop, double click the Symantec Control Compliance Suite Console icon.
   The Home view is the default view that appears when you log on to the Control Compliance Suite (CCS) Console. This page provides the working flow of the features within the solution.
2. Select Manage > Assets.
   In Control Compliance Suite, an asset is defined as a managed object in the system that has value, has an owner, has controlled access, and can have authority. The primary goal of the asset management system is to present a consolidated view of the assets that are present in the organization with the ability to manage those assets.
3. Expand the Asset System folder.
4. Select the VMware ESXi machines group.
5. Select the 192.168.1.90 Asset.
6. What is the Compliance Score for this Asset?
7. Select the Evaluation Tab.
   CCS provides the ability to evaluate systems' security configurations against industry best practices such as the VMware Hardening Guidelines.
   Double click on the evaluation to display the Evaluation Result Details.
   The Evaluation Results Details page provides you with a quick view of your overall security posture and allows you to analyze which areas may need more attention than others. The page gives you two views of the data: the Standards-based view and the Asset-based view.
8. Select the Asset-based view button.
9. Drag the Status column into the tool bar.
10. Drag the Risk column down to the column headers.
11. How many configuration checks failed for this asset?
12. Expand the Failed checks.

13. Select and right click the "Is unauthorized removal, connection and modification of devices prevented?" check.
14. Click Show Detailed Evidence.
15. View the devices which have this option disabled: select and highlight, then hover the mouse over the custom message.
    This setting is disabled by default for virtual environments. When enabled, users have the ability to connect devices and change settings on virtual systems. This means a user can do things like migrate or copy critical systems and access sensitive data by setting up shares on the image.
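The device check from steps 13 to 15, reproduced outside CCS as an added example (not part of the original lab and not CCS code): a Python audit of a virtual machine's .vmx text. It assumes the check corresponds to the two VMX options `isolation.device.connectable.disable` and `isolation.device.edit.disable` from VMware's hardening guidance; the sample .vmx content is constructed.

```python
import re

# Assumption: the CCS check maps to these two VMX options, which VMware's
# hardening guidance sets to "true". A missing option counts as a failure.
REQUIRED = {
    "isolation.device.connectable.disable": "true",
    "isolation.device.edit.disable": "true",
}

# A VMX line has the form: key = "value"
_LINE = re.compile(r'^([A-Za-z0-9_.:\-]+)\s*=\s*"(.*)"$')


def parse_vmx(text):
    """Return {key: value}; keys are lower-cased, a repeated key keeps the last value."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        match = _LINE.match(line)
        if match:
            settings[match.group(1).lower()] = match.group(2)
    return settings


def audit_vmx(text):
    """Return a list of (option, problem) for every required option that fails."""
    settings = parse_vmx(text)
    findings = []
    for option, wanted in REQUIRED.items():
        actual = settings.get(option)
        if actual is None:
            findings.append((option, "not set"))
        elif actual.strip().lower() != wanted:
            findings.append((option, "set to " + repr(actual)))
    return findings


# Constructed sample inputs (not taken from the lab image).
DEFAULT_VMX = '''
.encoding = "UTF-8"
displayName = "Exchange Server"
isolation.device.edit.disable = "FALSE"
'''

HARDENED_VMX = DEFAULT_VMX.replace('"FALSE"', '"TRUE"') + \
    'isolation.device.connectable.disable = "TRUE"\n'

if __name__ == "__main__":
    for name, vmx in (("default", DEFAULT_VMX), ("hardened", HARDENED_VMX)):
        print(name, audit_vmx(vmx) or "PASS")
```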

Exercise 2: View the vulnerability details for ESX system

As more organizations expand their infrastructure into the virtual realm, effective security for business must reflect the changing needs of those dynamic environments. CCS Vulnerability Manager (CCS VM) will help find and report on specific vulnerabilities within your ESX Hypervisor.

1. From the desktop, double click the CCS VM icon.
2. Select Continue to this website. (The certificates for the website have not been generated within the demo image at this time.)
3. Log on:
   Username: vmadmin
   Password: symc4now
   The Home page shows sites, asset groups, tickets, and statistics about your network that are based on scan data. You have logged on with the Global Administrator role for the solution. This allows you to not only view information but also edit site and asset group information, and run scans for your entire network, all from this page. The row of tabs at the top of the page is used to navigate to the main pages of each functional area of the solution.
4. Using the search feature on the upper right side of the interface, enter ESX and select the magnifying glass to search for the ESX systems.
5. How many vulnerabilities were detected within the exs41i system?
6. Select the 192.168.1.90 system link to drill down into the details found from the vulnerability assessment.
7. Filter the Risk Score to see the highest risk vulnerabilities first.
8. Select the first vulnerability on the list.
9. Provide a brief description of the suggested solution.

Exercise 3: Protect systems with critical data from changes or migrations

Locking down your ESX environment against changes will help ensure the security of your surrounding infrastructure, especially when critical vulnerabilities have been found. CCS Virtualization Security Manager provides powerful access control features for your virtual environment, which allow you to isolate virtual assets, limiting access to and from them and dictating where and if they move. This is done by creating policies, which are defined by Labels, Roles and Rules created within CCS VSM, and assigning those policies to specific users based on their role.

1. From the web browser, select the CCS VSM tab in the favorites bar.
2. Select Continue to this website. (The certificates for the website have not been generated within the demo image at this time.)
3. Log into the web console:
   Username: SuperAdminUser
   Password: symc4now
   The Appliance Dashboard is the first page displayed when logging into the appliance. This page was designed to provide summary information based on your VSM implementation. The row of tabs at the top of the page is used to navigate to the main pages of each functional area of the solution.
4. Select the Policy tab and then Resources.
5. Expand Appliance Root.
   The lab environment has two ESX systems. The yellow shield next to each of the systems indicates that these systems are now protected by the VSM Appliance.
6. From the server system taskbar, select Start > VMware vsphere Client or click the icon on the desktop.
7. Login:
   Username: Mark_Rhodes
   Password: symc4now

8. Select Login.
9. What is the message that is displayed?
10. Click OK and close the Client.
11. Go back to the CCS VSM web console.
12. From the Policy tab, select Labels.
    Labels are used to classify or categorize policy resources. They are often used to define constraints. For example, by assigning production virtual machines a label, you have the ability to assign a constraint that those machines should never be turned off.
13. Select Create Draft.
    The Create Draft button allows the solution to copy the deployed labels into a draft copy before actually deploying it out.
14. Select the PCI Label.
    Currently the PCI Label has two Virtual Systems assigned.
15. Select Assign.
    For each label you have the ability to associate different resources within the virtual environment.
16. Select OK and OK again to get back to the Policy Labels window to finish without making any changes to the label.
17. From the Policy tab, select Roles.
    Roles are used to define authorized operations and usually become an attribute of a rule.
18. From the right side of the page, select page 2.
19. Select the TestSystemsUsers. Click to open the Edit Role TestSystemUsers window.
    The checked items listed here are the operations enabled for users who have the TestSystemUsers Role associated.
20. Select the check box next to Resource.
    Resources enable the ability to change the resource pools within the Virtual Environment. This includes the ability to do actions such as move or migrate virtual machines into different hosts.
21. Click OK.
22. From the Policy tab, select Rules.

    Rules provide the relationships between Active Directory user groups, objects within the virtual environment and the entitlements for a specific role.
23. Select TestUsers and open the Edit Rule TestUsers window.
24. Click the Add button within Constraints.
    Constraints are used to restrict access to specific entities of the Virtual Environment.
25. Select Match VM Label(s).
26. Select the PCI VM Label.
27. Click the checkbox to Exclude VM Label.
28. Click OK.
29. Click the Propagate checkbox.
    This will propagate the policy down the resource tree and enable it.
30. Click OK.
31. Click Deploy Changes.
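How the labels, roles, rules and constraints configured in steps 12 to 31 combine into one access decision, as an added example that is not part of the original lab and not CCS VSM code: a simplified Python model. The default-deny behaviour, the group and operation names, and the PCI label on the Exchange Server virtual machine are assumptions made for illustration.

```python
from dataclasses import dataclass


@dataclass(eq=False)
class Resource:
    """A node in the resource tree (root, host or VM) with its labels."""
    name: str
    parent: "Resource" = None
    labels: frozenset = frozenset()

    def ancestors(self):
        node = self.parent
        while node is not None:
            yield node
            node = node.parent


@dataclass(eq=False)
class Rule:
    """Ties an AD group to a role's operations on part of the tree."""
    group: str
    operations: frozenset                    # operations ticked in the role
    attached_to: Resource
    propagate: bool = False                  # apply to everything below attached_to
    exclude_labels: frozenset = frozenset()  # "Exclude VM Label" constraint

    def covers(self, target):
        if target is self.attached_to:
            return True
        return self.propagate and any(a is self.attached_to for a in target.ancestors())


def is_allowed(rules, user_groups, operation, target):
    """Assumed semantics: default deny; any one matching rule grants."""
    for rule in rules:
        if (rule.group in user_groups
                and operation in rule.operations
                and rule.covers(target)
                and not (rule.exclude_labels & target.labels)):
            return True
    return False


# Constructed lab-like data; group, operation and label assignment are assumptions.
ROOT = Resource("Appliance Root")
HOST = Resource("192.168.1.90", parent=ROOT)
EXCHANGE = Resource("Exchange Server", parent=HOST, labels=frozenset({"PCI"}))
TEST_VM = Resource("Test VM", parent=HOST)

TEST_USERS = Rule(group="TestUsers", operations=frozenset({"login", "migrate"}),
                  attached_to=ROOT, propagate=True, exclude_labels=frozenset({"PCI"}))
MARK_RHODES_GROUPS = {"TestUsers"}

if __name__ == "__main__":
    for vm in (EXCHANGE, TEST_VM):
        verdict = is_allowed([TEST_USERS], MARK_RHODES_GROUPS, "migrate", vm)
        print(vm.name, "migrate ->", "allow" if verdict else "deny")
```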

Exercise 4: Test Protection Settings

1. From the system taskbar, select Start > VMware vsphere Client.
   Login:
   Username: Mark_Rhodes
   Password: symc4now
2. Select Login.
   Mark Rhodes is part of the user group within Active Directory that has been assigned the TestUser Role.
3. Expand the Symplified Virtual Datacenter.
4. Expand the 192.168.1.90 host.
5. Right click the Exchange Server Virtual Machine.
6. Select Migrate.
7. Select Change both host and datastore.
8. Click Next.
9. Expand the Symplified Virtual Datastore.
10. Select the 192.168.1.85 host.
11. Click Next.
12. Click the Research and Development Resource Pool.
13. Click Next.
14. Keep the default for the datastore.
15. Select Next.
16. Select Finish.
17. What is the message that is displayed?

Exercise 5: View Evaluation information for Virtual Environment from a single location

In the beginning of the lab we went through the Configuration Assessment results within CCS Standards Manager and also the Vulnerability scan results from CCS Vulnerability Manager. CCS provides the ability to view the evaluation results from both solutions for the Virtual Environment from a single location using the CCS Dynamic Dashboards, which are part of the CCS Web Client.

1. Select the Chrome icon from the taskbar.
   This brings you to the CCS Web Client. The web client provides the ability to view and create dashboards using the data within CCS and external data from third-party solutions; to accept, review, and approve policies from the CCS Policy Manager solution; and to answer questionnaires from the CCS Assessment Manager solution.
2. Select the Dashboards tab.
3. Expand the Misc tab.
   These are the default dashboards that come with the solution. They have been generated to provide a view of information based on Mandates and operational information.
4. Select the Panels tab.
   Dashboards are generated by applying different panels. This is a list of predefined panels which come with the solution. Using these panels it is easy to generate a custom dashboard. Panels can also be customized to view and analyze data in different ways.
5. Select New Panel.
6. Select Standard Compliance Management > Check as the Area of Interest.
7. For Measure (y axis), select Results Summary.
8. For Dimension (x axis), select Results Name.
9. Select the green plus sign to add an additional Dimension.
10. Select Standard Name.
11. Select Standard Name for the Axis Label.
12. Name the panel Standards Evaluation Results for ESX systems.
13. Within Filters, select Results Name for the Attribute.
14. Select "is equal to" for the Operator.
15. Use the Ctrl keyboard button to select the Check Asset Fail and the Check Asset Pass values.
16. Select the green plus sign to add an additional Attribute.
17. Select Standard Name as the Attribute.

18. Select "is equal to" for the Operator.
19. Select VMware Hardening Guideline for ESXi 4.x.
20. Select Apply and Save.
21. Select the Dashboard in the top toolbar.
22. Select New Dashboard.
23. Name the dashboard Vision Virtual Environment.
24. Select the green plus sign next to Category.
25. Name the category Virtual Environment.
26. Select Create.
27. Select Stay on this page.
28. Expand the Private Panels tab.
29. Select the Standards Evaluation Results for ESX systems.
30. Drag the panel into the grid.
31. Expand the panel so that it takes up 7x7 squares.
32. Expand the Published Panels.
33. Select the Top 10 Most Common Network Vulnerabilities panel.
34. Drag and drop the panel under the Standards Evaluation Results for ESX systems.
35. Expand the panel so it takes up the bottom 7x7 squares.
36. From the published panels, select Data Collection Coverage.
37. Drag the panel and expand it into the space beside the Standards Evaluation Results for ESX systems.
38. Select Vulnerabilities by Severity.
39. Drag the panel into the remaining space.
40. Select Save and Close.

Exercise 6: Root Password Vaulting

It is not a good security practice to distribute the root passwords for an ESX or ESXi system. Root Password Vaulting allows CCS VSM to manage the root password of individual hosts by creating a secure root password for an ESX host and storing that password in a vault. The system will then automatically rotate the root password on the host on a regular basis.

1. Open Internet Explorer and select CCS VSM from the Favorites tool bar.
2. Select Continue to this website. (The certificates for the website have not been generated within the demo image at this time.)
3. Log into the web console:
4. Username: SuperAdminUser
5. Password: symc4now
6. From the CCS VSM web interface, select Configuration > Root Password Vaulting.
7. For the recovery passcode, enter: CCS!sfun
8. Confirm the recovery passcode: CCS!sfun
9. Click Apply.
   The Recovery Passcode is used to provide an emergency mechanism to recover root passwords if the VSM is not available.
10. Select Compliance > Hosts.
11. Select the hyperlink for the esxi50.symplified.org host.
12. Click the Root Password Vaulting option.
13. User ID: root
    Password: Symc4now!
14. Click OK.
    You will see a key icon appear next to the host, which indicates that root password vaulting has been enabled.
15. Click the box next to ESXi50.symplified.org.
16. Select Issue Password.
17. Provide a Reason: Quick Change to ESXi System
18. Click Issue Password.
19. Copy down the password.

20. Click Apply.
21. For the VSM SuperUserPassword, enter symc4now.
22. Click OK.
23. Go to the esxi50.symplified.org vmimage.
24. Click on the screen and then press F2.
25. Enter the root password provided by VSM.