Advanced VMware Security: 5 Day Hands-On Bootcamp

Chapter 1 - Primer and reaffirming our knowledge

  • Overview
  • ESX Networking Components
  • Virtual Ethernet Adapters and How They Work
    • Virtual Switches and How They Work
    • Virtual Switches vis-a-vis Physical Switch
    • Why The Spanning Tree Protocol is Superfluous
    • What are Virtual Ports and Why Should we be Concerned?
    • VMware so-called "Uplink Ports" and their interaction with the Physical equivalent
    • Concept of Port Groups - They are out of this (physical) world!
    • Uplinks
    • Virtual Switch Correctness
  • VLANs in VMware Infrastructure
  • NIC Teaming
    • Load Balancing
  • Failover Configurations
  • Layer 2 Security Features
  • Managing the Virtual Network with "VirtualCenter"
  • File System Structure
  • Kernel
  • Processes
    • When do the processes start?
    • Starting and Stopping Processes
    • Interacting with Processes
  • Account and Groups
    • Password and Shadow File Formats
  • Linux and Unix Permissions
    • Set UID Programs
  • Trust Relationships
  • Logs and Auditing

Chapter 2 - Penetration Testing 101

  • Overview
  • What is a Penetration Test?
  • Benefits of a Penetration Test
  • What is the Cost of a Hack?
    • Example
  • Current Issues
    • Malware/Virus
    • Active Zombies
    • Hash Collisions
    • SQL Injection
    • Identity Theft
    • Social Engineering, Exploits and Chained Exploits
    • Chained Exploit Example
  • The Evolving Threat
  • Pen Testing Methodology
  • Types of Tests
  • Website Review
  • Common Management Errors
  • It's not Just about the Tools!

Chapter 3 - Routing and the Security Design of VMware

  • Overview
  • Security of Routing Data
  • How Traffic is Routed Between Virtual Machines on ESX Host
    • Different vSwitches, same port group and VLAN
    • Same vSwitch, different port group and VLAN
    • Same vSwitch, same port group and VLAN
  • Security Design of the VMware Infrastructure 3 Architecture
  • VMware Infrastructure Architecture and Security Features
    • Virtualization Layer
    • CPU Virtualization
    • Buffer overflow
    • Memory Virtualization
    • Virtual Machines
    • Service Console
    • Virtual Networking Layer
    • Virtual Switches
    • Virtual Switch LANs
    • Virtual Ports
    • Virtual Network Adapters
    • Virtual Switch Isolation
    • Virtual Switch Correctness
    • Virtualized Storage
    • SAN Security
    • VMware Virtual Center

Chapter 4 – Information Gathering, Scanning and Enumeration

  • Overview
  • What information does the hacker gather?
  • Methods of Obtaining Information
  • Footprinting Defined
    • Maltego
    • Firefox Add
  • Google Hacking
  • Introduction to Port Scanning
  • Port Scanning Tools
    • NMAP
    • TCP Connect Port Scan
    • Half-Open Scan
    • Firewalled Ports
    • Service Version Detection
    • Additional NMAP Scans
    • UDP Scans
  • Enumeration Overview
    • Web Server Banner Grabbing
    • Telnet
    • SuperScan4
    • SMTP Server Banner
    • DNS Enumeration
    • Zone Transfers
    • Backtrack Tools
    • Active Directory Enumeration
    • LDAP miner
    • Null Sessions
    • Enumeration with Cain and Abel
    • NAT Dictionary Attack Tool
    • THC-Hydra
    • Cool Stuff with Cain

Chapter 5 – DMZ Virtualization

  • Overview
  • Virtualized DMZ Networks
  • Typical Virtualized DMZ
  • Three Typical Virtualized DMZ Configurations
    • Partially Collapsed DMZ with Separate Physical Trust Zones
    • Partially Collapsed DMZ with Virtual Separation of Trust Zones
    • Fully Collapsed DMZ
  • Best Practices for Achieving a Secure Virtualized DMZ Deployment
    • Harden and Isolate the Service Console
    • Clearly Label Networks for each Zone within the DMZ
    • Set Layer 2 Security Options on Virtual Switches
    • Enforce Separation of Duties
    • Use ESX Resource Management Capabilities
    • Regularly Audit Virtualized DMZ Configuration

Chapter 6 – Remote DataStore Security

  • Overview
  • Mask and Zone SAN Resources
    • LUN Masking
    • SAN Zoning
    • Port Zoning
    • Hard and Soft Zoning
    • WWN Zoning
  • Classes of Attacks against SANs
  • Fiber Channel
    • Fiber Channel – Security Protocol
    • ESP over Fiber Channel
    • DH-CHAP
    • Switch Link
  • Attacking Fiber Channel
  • Securing iSCSI, iFCP and FCIP over IP networks

Chapter 7 – Penetration Testing and the Tools of the Trade

  • Overview
  • Vulnerabilities in Network Services
  • Vulnerability Assessment Scanners
    • Nessus
    • Saint
  • Windows Password Cracking
    • Syskey Encryption
    • Cracking Techniques
    • Cryptanalysis
  • Disabling Auditing
    • Clearing the Event Log
  • Alternate Data Streams
    • Stream Explorer
  • Encrypted Tunnels
  • Port Monitoring Software
  • Rootkits
  • Metasploit
  • Fuzzers
  • SaintExploit
  • Core Impact
  • Penetration Testing Tool Comparison
  • Wireshark
  • ARP Cache Poisoning
    • Cain and Abel
    • Ettercap
    • Breaking SSL Traffic
  • Hash Algorithm
    • MD5 Hash Collisions

Chapter 8 – Hardening your ESX Server

  • Overview
  • Hardening Your ESX Server
  • ESX Best Practices
    • Virtual Machines
    • Secure Virtual Machines as You Would Secure Physical Machines
    • Disable Unnecessary or Superfluous Functions
    • Take Advantage of Templates
    • Prevent Virtual Machines from Taking Over Resources
    • Isolate Virtual Machine Networks
    • ARP Cache Poisoning
    • VM Segmentation
    • Minimize Use of the VI Console
    • Virtual Machine Files and Settings
    • Disable Copy and Paste Operations Between the Guest Operating System and Remote Console
    • Limit Data Flow from the Virtual Machine to the Datastore
    • SetInfo Hazard
    • Do Not Use Nonpersistent Disks
    • Ensure Unauthorized Devices are Not Connected
    • Prevent Unauthorized Removal or Connection of Devices
    • Avoid Denial of Service Caused by Virtual Disk Modification Operations
    • Specify the Guest Operating System Correctly
    • Verify Proper File Permissions for Virtual Machine Files
    • Configuring the Service Console in ESX 3.5
    • Configure the Firewall for Maximum Security
    • Limit the Software and Services Running in the Service Console
    • Use VI Client and VirtualCenter to Administer the Hosts Instead of Service Console
    • Use a Directory Service for Authentication
    • Strictly Control Root Privileges
    • Control Access to Privileged Capabilities
    • Establish a Password Policy for Local User Accounts
    • Do Not Manage the Service Console as if it were a Linux Host
    • Maintain Proper Logging
    • Establish and Maintain File System Integrity
    • Secure the SNMP Configuration
    • Protect against the Root File System Filling Up
    • Disable Automatic Mounting of USB Devices
  • Best Practices ESXi
    • Configuring Host-level Management in ESXi 3.5
    • Strictly Control Root Privileges
    • Control Access to Privileged Capabilities
    • Maintain Proper Logging
    • Establish and Maintain Configuration File Integrity
    • Secure the SNMP Configuration
    • Ensure Secure Access to CIM
    • Audit or Disable Technical Support Mode
  • Configuring the ESX/ESXi Host
    • Isolate the Infrastructure-related Networks
    • Configure Encryption for Communication between Clients and ESX/ESXi
    • Label Virtual Networks Clearly
    • Do Not Create a Default Port Group
    • Do Not Use Promiscuous Mode on Network Interfaces
    • Protect against MAC Address Spoofing
    • Secure the ESX/ESXi Host Console
    • Mask and Zone SAN Resources Appropriately
    • Secure iSCSI Devices through Authentication
  • VirtualCenter
    • Set Up the Windows Host for VirtualCenter with Proper Security
    • Limit Administrative Access
    • Limit Network Connectivity to VirtualCenter
    • Use Proper Security Measures when Configuring the Database for VirtualCenter
    • Enable Full and Secure Use of Certificate-based Encryption
    • VirtualCenter Server Certificates Replacement
    • Pre-Installation
    • During Installation
    • Post-Installation
    • Use VirtualCenter Custom Roles
    • Document and Monitor Changes to the Configuration
    • VirtualCenter Add-on Components
    • VMware Update Manager
    • VMware Converter Enterprise
    • VMware Guided Consolidation
    • General Considerations
  • Client Components
    • Restrict the use of Linux-based Clients
    • Verify the Integrity of VI Client
    • Monitor the Usage of VI Client Instances
    • Avoid the Use of Plain-Text Passwords

Appendix:

  • The Basics of SAN Security, Part I
  • Increasing Security Concerns
  • Security Domains
    • Administrator-to-Security Management Domain
    • Host-to-Switch Domain
    • Security Management-to-Fabric Domain
  • Switch-to-Switch Domain
  • Data Integrity and Security
    • So What Is Zoning?
    • Zoning Types
    • Configuring Zoning Components
    • LUN Masking
    • Persistent Binding
    • Security Technologies
    • Host-to-Fabric
    • Summary and Conclusions
  • Security Management Part 2
  • Fibre Channel Security Management
  • Authentication and Authorization
  • Configuration Management
  • SAN Access
  • SAN Security Benefits
  • Host-Based and Switch Based Mapping
  • Controller-based Mapping
  • WWN Privileged Access
  • Redundancy
  • Management
  • Summary and Conclusions
  • Appendix 1 – Malware
  • Distributing Malware
  • Malware Capabilities
  • Netcat
    • Netcat Switches
  • Executable Wrappers
  • Avoiding Detection
  • BPMTK
  • Appendix 2 – SQL Injection
  • What is SQL Injection?
  • Why SQL Injection?
  • Attacking Database Servers
    • SQL Ping2
    • osql.ex

 

Course Registration

 

5 days
$4,895.00