Real Security for Server Virtualization

Similar documents
Securing the Data Center against

Securing your Virtualized Datacenter. Charu Chaubal Senior Architect, Technical Marketing 6 November, 2008

Virtualization Security & Audit. John Tannahill, CA, CISM, CGEIT, CRISC

W11 Hyper-V security. Jesper Krogh.

Dynamic Datacenter Security Solidex, November 2009

Catbird V-Security : You Can t Protect What You Can t Detect

Better Security with Virtual Machines

VMware - VMware vsphere: Install, Configure, Manage [V6.7]

Outline: Securing The Cloud with VMWARE vsphere Code: ACBE GEN-VMSECURE_ONLINE. Days: 5. Course Description:

VMware vsphere PowerCLI Reference

Availability & Resource

VMware vsphere 6.0 / 6.5 Advanced Infrastructure Deployment (AID)

VMware ESX Server 3i. December 2007

AS Stallion. Security for Virtual Server Environments. Urmas Püss

VMware vsphere Administration Training. Course Content

Required VMware vcenter Server Privileges

Symantec and VMWare why 1+1 makes 3

VMware Overview VMware Infrastructure 3: Install and Configure Rev C Copyright 2007 VMware, Inc. All rights reserved.

CS 356 Operating System Security. Fall 2013

CYBER SECURITY MALAYSIA AWARDS, CONFERENCE & EXHIBITION (CSM-ACE) Securing Virtual Environments

Exam4Tests. Latest exam questions & answers help you to pass IT exam test easily

Vmware Vsphere Esx And Vcenter Server Documentation Center

VMware vsphere 6.0 / 6.5 Infrastructure Deployment Boot Camp

Symantec Reference Architecture for Business Critical Virtualization

VMware vsphere with ESX 4.1 and vcenter 4.1

Chapter 10 Protecting Virtual Environments

PassTest. Bessere Qualität, bessere Dienstleistungen!

User Guide. Version R94. English

VMware vsphere with ESX 6 and vcenter 6

Directions in Data Centre Virtualization and Management

Avid inews Server Enterprise Virtualization Reference. Release 1.0

Paul Hodge Virtualization Solutions: Improving Efficiency, Availability and Performance

VMware vsphere 4. Architecture VMware Inc. All rights reserved

vshield Quick Start Guide

FAQ FOR VMWARE SERVER 2 - AUGUST, 2008

Ensure that the server where you install the Primary Server software meets the following requirements: Item Requirements Additional Details

vsphere Security Modified on 21 JUN 2018 VMware vsphere 6.7 VMware ESXi 6.7 vcenter Server 6.7

VMware vsphere. Administration VMware Inc. All rights reserved

Virtualization with VMware ESX and VirtualCenter SMB to Enterprise

Securing Your Virtual World Harri Kaikkonen Channel Manager

System Center Virtual Machine Manager. Overblik Demo. Roadmap

The Software Defined Data Centre & vsphere 6.5 The foundation of the hybrid cloud Barry Coombs

Securing VMware NSX MAY 2014

Administering VMware vsphere and vcenter 5

Managing ReadyClones

User Guide. Version R95. English

Ensure Virtualization Security and Improve Business Productivity with Kaspersky

vsphere Security VMware vsphere 6.5 VMware ESXi 6.5 vcenter Server 6.5 EN

VMware Ultimate Bootcamp v 3.5

VMware vsphere 6.5 Boot Camp

vsphere Security Update 1 Modified 03 NOV 2017 VMware vsphere 6.5 VMware ESXi 6.5 vcenter Server 6.5

Maximize your Private Cloud with Server Management Suite

What Is New in VMware vcenter Server 4 W H I T E P A P E R

Microsoft Windows Apple Mac OS X

Setting Up the Dell DR Series System on Veeam

Virtual Appliance User s Guide

By the end of the class, attendees will have learned the skills, and best practices of virtualization. Attendees

Table of Contents HOL-SDC-1415

vsphere Security Update 2 Modified on 22 JUN 2018 VMware vsphere 6.5 VMware ESXi 6.5 vcenter Server 6.5

New Features in VMware vsphere (ESX 4)

AppDefense Cb Defense Configuration Guide. AppDefense Appendix Cb Defense Integration Configuration Guide

predefined elements (CI)

Automated Security for the Real-time Enterprise with VMware NSX and Trend Micro Deep Security Chris Van Den Abbeele, Global Solution Architect, Trend

CMB-207-1I Citrix Desktop Virtualization Fast Track

Test-King.VMCE_V8.40Q.A

Microsoft v12.39

Hyper-v Install Virtual Guest Services Greyed Out

Need To Manually Uninstall Vmware Tools Hyper

What s new. James De Clercq (RealDolmen) Timothy Dewin (Veeam Software)

How it can help your organisation

vrealize Infrastructure Navigator Installation and Configuration Guide

System Requirements. System Requirements for Cisco DCNM, Release 10.4(1), page 1. System Requirements for Cisco DCNM, Release 10.

System Requirements for Cisco DCNM, Release 10.4(2)

ATA Infotech Ventures Pvt. Ltd.

70-410: Installing and Configuring Windows Server 2012

VMware vsphere 5.5 Professional Bootcamp

Manually Merge Hyper-v Snapshots Back Into One Vhd

"Charting the Course... VMware vsphere 6.7 Boot Camp. Course Summary

vsphere Basic System Administration

vsphere Security Update 2 Modified 04 OCT 2017 VMware vsphere 6.0 VMware ESXi 6.0 vcenter Server 6.0

Support for NetBackup 7.x in virtual environments

Agent for VMware. Version

VMware Exam VCP-511 VMware Certified Professional on vsphere 5 Version: 11.3 [ Total Questions: 288 ]

HP Data Protector 7.0 Virtualization Support Matrix

Table of Contents HOL SLN

SNOW LICENSE MANAGER (7.X)... 3

Overview. Prerequisites. VMware vsphere 6.5 Optimize, Upgrade, Troubleshoot

VMware vsphere 6.5: Install, Configure, Manage (5 Days)

Disaster Recovery-to-the- Cloud Best Practices

VMware vsphere Customized Corporate Agenda

VMware Exam 2V0-621 VMware Certified Professional 6 Data Center Virtualization Beta Version: 7.0 [ Total Questions: 242 ]

SMASHING THE TOP 7 VIRTUALIZATION SECURITY MYTHS

Potpuna virtualizacija od servera do desktopa. Saša Hederić Senior Systems Engineer VMware Inc.

CIS Controls Measures and Metrics for Version 7

SaaSaMe Transport Workload Snapshot Export for. Alibaba Cloud

Virtualization with VMware ESX and VirtualCenter SMB to Enterprise

CounterACT VMware vsphere Plugin

System Requirements. Hardware and Virtual Appliance Requirements

About Updating a System, page 1 Connecting to an ISO Image from the CD/DVD Drive, page 4 Updating Data Centers, page 4

Ret h i n k i n g Security f o r V i r t u a l Envi r o n m e n t s

Transcription:

Session D8 Real Security for Server Virtualization Wednesday, April 21, 2010 9:45 am Eric Schultze Independent Consultant eric@pureplaysecurity.com Key Points How to configure your virtual infrastructure servers for maximum security Performing patch management for your virtual server guests How to monitor virtual server sprawl Third-party tools to help secure your virtual environment Page 1

Definitions for today Host The physical machine that is running the hypervisor and contains one or most Guests. Guest The virtualized operating system. One or more Guests can be running on a single Host. Securing the Host Best Practices for VMware http://tinyurl.com/ykp2rd9 VMs Host vnetwork vcenter Best Practices for Securing Hyper-V http://tinyurl.com/yey8u6y Hardening Hyper-V Delegating VM Management Protecting VMs Page 2

Securing the Host Best Practices for Securing VMware Hosts http://tinyurl.com/ykp2rd9 Prevent others users from spying on Administrator remote consoles Ensure VMotion Traffic is isolated Disable remote operations within the guest Restrict access to VMsafe CPU/Memory/Network APIs Disable Managed Object Browser Disable Web Access Ensure ESX is Configured to Encrypt All Sessions Ensure only authorized users have access to the DCUI Disable Tech Support Mode Sample of VMware Guidance Page 3

Securing the Host Best Practices for Securing Hyper-V http://tinyurl.com/yey8u6y Reduce attack surface consider WS08 Core Patch OS and HyperV application Use two NICs one for Mgmt functions only Apply Specialized Security Limited Functionality (SSLF) baseline Read Windows Server 2008 Security Guide http://technet.microsoft.com/en-us/library/cc514539.aspx Items to Consider when Securing Virtual Environments Securing the Host Securing the Guest OS and applications Encryption of Guest Image files on Host Intrusion Detection/Prevention for Host Intrusion Detection/Prevention for Guests Including Guest to Guest communication Malware\AV prevention for Host and Guests Encryption of traffic to\from Guests and Host Management network for Host Virtual Switch configuration Backup and Recovery Patch Management for Guests and Host Inventory \ Managing Guest Sprawl Access to Disk Page 4

Securing VM image files For Both Microsoft and VMware images you must Secure access to the.vm* image files Secure access to the Host console Secure access to the Storage devices Limit administrative access to HyperV servers and to VirtualCenter servers Demo What happens if you don t Patch Management Keep patches up to date on Guests As you would do with physical systems Watch for patch rollback when VMs are reverted to snapshots Snapshots may not have included latest patches Even more important to scan VM images for patch state when they are offline Booting up an unpatched image can be dangerous Page 5

Scanning and Patching Patch Management VMware Update Manager Updates ESX Host applications Patches Windows and certain Linux Guest images Includes third party Windows apps like Adobe, Apple, Mozilla, Sun Java, etc. Can patch online or offline images Snapshots are created prior to patching VMs can be removed from network prior to booting up to install patch Patch Management Scanning and Patching Microsoft Offline Virtual Machine Servicing Tool Remove image from library Move image to maintenance network Wake virtual images Trigger WSUS or SCCM actions Patches are deployed Shutdown image Move image back to Library Requires: WSUS or SCCM Powershell PSExec.NET Framework 3.0 Page 6

Patch Management Scanning and Patching Shavlik NetChk (third party tool) Remotely scans and patches Windows Guests and third party Windows applications Operates against Online and Offline VMware images (ESX, ESXi, and VMware Workstation) DEMO VM Sprawl Sprawl Defined: a large amount of virtual machines on your network without the proper IT management or control Steven Warren - blogs.techrepublic.com Risk Rogue machines Unknown configurations Unpatched systems Wasted processor and disk space Evil Services (DHCP, AD, DNS, Sniffers, etc) Page 7

Controlling VM Sprawl Many vendors claim to manage VM sprawl, ranging from: Passive inventory of images registered on ESX servers, to Actively preventing unauthorized images from mounting or joining network (NAC-like) Make sure to ask your virtualization vendor exactly what they mean by managing VM sprawl Ideas for Controlling VM Sprawl Limit the number of people who can create VMs Implement request and approval process Tough to control VM Workstation image creation Annotate VMs with end dates Review each week and end-of-life VMs that aren t needed anymore Scan network weekly to look for new ESX servers Look for special TCP ports 22, 80, 443, 902 Review ESX Servers on VSphere\VCenter servers Inventory images registered on each ESX Server Implement third party products Page 8

Products for Securing Virtual Environments Catbird Configuresoft (VMware) DynamicOps Embotics Fortisphere HyTrust ManageIQ QLayer Replicate Technologies Shavlik Third Brigade (Trend Micro) Veeam Vizioncore VMware Email eric@pureplaysecurity.com for copy Page 9

Email eric@pureplaysecurity.com for copy Page 10

Page 11

Page 12

Page 13

Page 14

Summary Lock down the Host Secure the Guests Patch online and offline VMs Secure access to and/or encrypt virtual images Leverage third-party products to manage sprawl, configuration, and management Page 15

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback