Virtualization Security : Protecting Virtualized Environments

Fundamentals Of Virtualization Security -- Securing Hypervisors -- Designing Virtual Networks For Security -- Advanced Virtual Network Operations -- Virtualization Management And Client Security -- Securing The Virtual Machine -- Logging And Auditing -- Change And Configuration Management -- Disaster Recovery And Business Continuity -- Scripting Tips And Tricks For Automation -- Additional Security Considerations For Virtual Infrastructure. Dave Shackleford. Includes Index. Virtualization Security......Page 3 Contents......Page 17 Virtualization Architecture......Page 27 Operational Threats......Page 30 Malware-Based Threats......Page 31 VM Escape......Page 32 How Security Must Adapt to Virtualization......Page 35 Challenges of Vulnerability Testing in a Virtualized Environment......Page 36 Hypervisor Configuration and Security......Page 41 Patching VMware ESXi......Page 43 Securing Communications in VMware ESXi......Page 53 Change and Remove Default Settings on VMware ESXi......Page 59 Enable Operational Security on VMware ESXi......Page 60 Secure and Monitor Critical Configuration Files in VMware ESXi......Page 64 Secure Local Users and Groups on VMware ESXi......Page 66 Lock Down Access to Hypervisor Console......Page 73 Configuring Microsoft Hyper-V on Windows Server 2008......Page 78 Securing Communications with Hyper-V......Page 79 Changing Hyper-V Default Settings......Page 82 Enabling Operational Security for Hyper-V......Page 85 Securing and Monitoring Critical Configuration Files for Hyper-V......Page 86 Secure Local Hyper-V Users and Groups......Page 89 Lock Down Access to the Hyper-V Hypervisor Platform......Page 94 Patching XenServer......Page 98 Secure Communications with XenServer......Page 101 Change XenServer Default Settings......Page 102 Enabling XenServer Operational Security......Page 106 Secure Local Users and Groups......Page 107 Lock Down Access to the XenServer Platform......Page 114 Comparing Virtual and Physical Networks......Page 119 Virtual Network Design Elements......Page 121 Physical vs. Virtual Networks......Page 124 Important Security Elements......Page 125 Architecture Considerations......Page 126 Configuring Virtual Switches for Security......Page 128 Defining Separate vSwitches and Port Groups......Page 129 Configuring VLANs and Private VLANs for Network Segmentation......Page 138 Limiting Virtual Network Ports in Use......Page 143 Implementing Native Virtual Networking Security Policies......Page 148 Securing iSCSI Storage Network Connections......Page 151 Integrating with Physical Networking......Page 155 Network Operational Challenges......Page 157 Load Balancing in vSphere Virtual Environments......Page 159 Traffic Shaping and Network Performance in VMware vSphere......Page 161 Creating a Sound Network Monitoring Strategy in VMware vSphere......Page 162 Load Balancing in Hyper-V Virtual Environments......Page 167 Traffic Shaping and Network Performance in Hyper-V......Page 168 Creating a Sound Network Monitoring Strategy in Hyper-V......Page 170 Load Balancing in XenServer Virtual Environments......Page 171 Creating a Sound Network Monitoring Strategy in XenServer......Page 174 General Security Recommendations for Management Platforms......Page 177 Network Architecture for Virtualization Management Servers......Page 178 VMware vCenter......Page 181 vCenter Service Account......Page 183 Secure Communications in vCenter......Page 184 vCenter Logging......Page 186 Users, Groups, and Roles in vCenter......Page 189 Role Creation Scenarios......Page 193 Microsoft System Center Virtual Machine Manager......Page 194 SCVMM Service Account......Page 195 Secure Communications with SCVMM......Page 196 SCVMM Logging......Page 197 Users, Groups, and Roles in SCVMM......Page 198 Secure Communication with XenCenter......Page 201 Users, Groups, and Roles in XenCenter......Page 202 Virtual Machine Threats and Vulnerabilities......Page 203 Virtual Machine Security Research......Page 204 Cloud VM Reconnaissance......Page 205 Virtual Machine Encryption......Page 206 Locking Down VMware VMs......Page 211 Copy/Paste Operations and HGFS......Page 214 VM Logging......Page 215 Device Connectivity......Page 216 Guest and Host Communications......Page 217 Controlling API Access to VMs......Page 218 Unexposed Features......Page 219 Locking Down Microsoft VMs......Page 221 Locking Down XenServer VMs......Page 223 Why Logging and Auditing Is Critical......Page 227 Virtualization Logs and Auditing Options......Page 228 Syslog......Page 229 Windows Event Log......Page 230 VMware vSphere ESX Logging......Page 231 VMware vSphere ESXi Logging......Page 233 Microsoft Hyper-V and SCVMM Logging......Page 237 Citrix XenServer and XenCenter Logging......Page 244 Enabling Remote Logging on VMware vSphere......Page 247 Enabling Remote Logging on Microsoft Hyper-V......Page 249 Enabling Remote Logging for XenServer......Page 251 Effective Log Management......Page 252 Change and Configuration Management Overview......Page 255 Change Management for Security......Page 256 The Change Ecosystem......Page 257 How Virtualization Impacts Change and Configuration Management......Page 260 Best Practices for Virtualization Configuration Management......Page 261 Cloning and Templates for Improved Configuration Management......Page 263 Creating and Managing VMware vSphere VM Templates and Snapshots......Page 264 Creating and Managing Microsoft Hyper-V VM Templates and Snapshots......Page 268 Creating and Managing Citrix XenServer VM Templates and Snapshots......Page 273 Integrating Virtualization into Change and Management......Page 275 Additional Solutions and Tools......Page 276 Disaster Recovery and Business Continuity Today......Page 279 Shared Storage and Replication......Page 280 Clustering......Page 282 Resource Pools......Page 288 Setting Up High Availability and Fault Tolerance in VMware vSphere......Page 296 Setting Up High Availability and Fault Tolerance in Microsoft Hyper-V......Page 300 Setting Up High Availability and Fault Tolerance in Citrix XenServer......Page 303 Why Scripting Is Essential for Admins......Page 307 Scripting with PowerCLI......Page 308 Configuring VMs with PowerCLI......Page 309 Configuring VMs with vCLI......Page 311 Configuring VMware ESXi with PowerCLI......Page 312 Configuring VMware ESXi with the vCLI......Page 315 Configuring VMware Virtual Networks with PowerCLI......Page 316 Configuring VMware Virtual Networks with the vCLI......Page 319 Configuring VMware vCenter with PowerCLI......Page 320 Microsoft Scripting for Hyper-V: PowerShell......Page 323 Getting Information about VMs......Page 324 Assessing Other Aspects of the Virtual Environment......Page 325 Citrix Scripting: Shell scripts......Page 326 VDI Overview......Page 329 Security Advantages and Challenges......Page 330 VDI Architecture Overview......Page 333 Storage Virtualization......Page 336 Application Virtualization......Page 339 Index......Page 343 Securing virtual environments for VMware, Citrix, and Microsoft hypervisors

Virtualization changes the playing field when it comes to security. There are new attack vectors, new operational patterns and complexity, and changes in IT architecture and deployment life cycles. What's more, the technologies, best practices, and strategies used for securing physical environments do not provide sufficient protection for virtual environments. This book includes step-by-step configurations for the security controls that come with the three leading hypervisor--VMware vSphere and ESXi, Microsoft Hyper-V on Windows Server 2008, and Citrix XenServer.

• Includes strategy for securely implementing network policies and integrating virtual networks into the existing physical infrastructure
• Discusses vSphere and Hyper-V native virtual switches as well as the Cisco Nexus 1000v and Open vSwitch switches
• Offers effective practices for securing virtual machines without creating additional operational overhead for administrators
• Contains methods for integrating virtualization into existing workflows and creating new policies and processes for change and configuration management so that virtualization can help make these critical operations processes more effective

This must-have resource offers tips and tricks for improving disaster recovery and business continuity, security-specific scripts, and examples of how Virtual Desktop Infrastructure benefits security.

**Securing virtual environments for VMware, Citrix, and Microsoft hypervisors**Virtualization changes the playing field when it comes to security. There are new attack vectors, new operational patterns and complexity, and changes in IT architecture and deployment life cycles. What's more, the technologies, best practices, and strategies used for securing physical environments do not provide sufficient protection for virtual environments. This book includes step-by-step configurations for the security controls that come with the three leading hypervisor--VMware vSphere and ESXi, Microsoft Hyper-V on Windows Server 2008, and Citrix XenServer. * Includes strategy for securely implementing network policies and integrating virtual networks into the existing physical infrastructure * Discusses vSphere and Hyper-V native virtual switches as well as the Cisco Nexus 1000v and Open vSwitch switches * Offers effective practices for securing virtual machines without creating additional operational overhead for administrators * Contains methods for integrating virtualization into existing workflows and creating new policies and processes for change and configuration management so that virtualization can help make these critical operations processes more effective This must-have resource offers tips and tricks for improving disaster recovery and business continuity, security-specific scripts, and examples of how Virtual Desktop Infrastructure benefits security. Securing virtual environments for VMware, Citrix, and Microsoft hypervisors Virtualization changes the playing field when it comes to security. There are new attack vectors, new operational patterns and complexity, and changes in IT architecture and deployment life cycles. What's more, the technologies, best practices, and strategies used for securing physical environments do not provide sufficient protection for virtual environments. This book includes step-by-step configurations for the security controls that come with the three leading hypervisor—VMware vSphere and ESXi, Microsoft Hyper-V on Windows Server 2008, and Citrix XenServer. Includes strategy for securely implementing network policies and integrating virtual networks into the existing physical infrastructure Discusses vSphere and Hyper-V native virtual switches as well as the Cisco Nexus 1000v and Open vSwitch switches Offers effective practices for securing virtual machines without creating additional operational overhead for administrators Contains methods for integrating virtualization into existing workflows and creating new policies and processes for change and configuration management so that virtualization can help make these critical operations processes more effective This must-have resource offers tips and tricks for improving disaster recovery and business continuity, security-specific scripts, and examples of how Virtual Desktop Infrastructure benefits security.