

Advanced VMware Security

Chapter 1
Primer and Reaffirming Our Knowledge

ESX Networking Components

Virtual Ethernet Adapters and How they Work

Virtual Switches and How They Work


Virtual Switch vis-à-vis Physical Switch

Why the Spanning Tree Protocol is Superfluous

What are Virtual Ports and Why Should We Be Concerned?

VMware So-Called “Uplink Ports” and Their Interaction with the Physical Equivalent

Concept of Port Groups - They are Out of This (Physical) World!

Virtual Switch Correctness

VLANs in VMware Infrastructure

NIC Teaming

Load Balancing

Failover Configurations

Layer Security Features

Managing the Virtual Network with “vCenter”

Cryptography and Certificates

Symmetric vs. Asymmetric Encryption


Digital Signatures

Breaking SSL Traffic to and from the VIC

UNIX File System Structure



When Do the Processes Start?

Starting and Stopping Processes

Interacting with Processes

Account and Groups

Password and Shadow File Formats

Linux and UNIX Permissions

Set UID Programs

Logs and Auditing



Chapter 2
Routing and the Security Design of VMware

Security of Routing Data

How traffic is routed between Virtual Machines on ESX hosts

Different vSwitches, same port group and VLAN

Same vSwitch, different port group and VLAN

Same vSwitch, same port group and VLAN

Security Design of “The VMware Infrastructure Architecture”

VMware Infrastructure Architecture and Security Features

Virtualization Layer

CPU Virtualization

Buffer overflow

Memory Virtualization

Virtual Machines

Service Console

Virtual Networking Layer

Virtual Switches

Virtual Switch LANs

Virtual Ports

Virtual Network Adapters

Virtual Switch Isolation

Virtual Switch Correctness

Virtualized Storage

SAN Security

VMware Virtual Center



Chapter 3
Remote DataStore Security

Fiber Channel Architecture

Mask and Zone SAN Resources

LUN Masking

SAN Zoning

Port Zoning

Hard and Soft Zoning

WWN Zoning



Switch Link Fiber Channel – Security Protocol

ESP over Fiber Channel

Attacking Fiber Channel

Securing Fiber Channel

iSCSI vs Fiber Channel

iSCSI Architecture

iSCSI Security Features

Securing iSCSI SANs



Chapter 4
Penetration Testing 101

What is a Penetration Test?

Benefits of a Penetration Test

What is the Cost of a Hack?

Current Issues


Active Zombies

Active Botnets

Identity Theft

Social Engineering, Exploits and Chained Exploits

Chained Exploit Example

The Evolving Threat

Pen Testing Methodology

Types of Pen Tests

Website Review

Common Management Errors

It’s Not Just About the Tools!



Chapter 5
Information Gathering, Scanning and Enumeration

What Information Does the Hacker Gather?

Methods of Obtaining Information

Footprinting Defined


Firefox Add-Ons

Google Hacking

Introduction to Port Scanning

Port Scanning Tools


TCP Connect Port Scan

Half-Open Scan

Firewalled Ports

Service Version Detection

Additional NMAP Scans

UDP Scans

Enumeration Overview

Web Server Banner Grabbing



SMTP Server Banner

DNS Enumeration

Zone Transfers

Backtrack Tools

Active Directory Enumeration


Null Sessions

Enumeration with Cain and Abel

NAT Dictionary Attack Tool


Cool Stuff with Cain



Chapter 6
Penetration Testing and the Tools of the Trade

Vulnerabilities in Network Services

Vulnerability Assessment Scanners



Windows Password Cracking

Syskey Encryption

Cracking Techniques


Disabling Auditing

Clearing the Event Log

Alternate Data Streams

Stream Explorer

Encrypted Tunnels

Port Monitoring Software




SaintExploit and Core Impact

Penetration Testing Tool Comparison


ARP Cache Poisoning

Cain and Abel





Chapter 7
DMZ Virtualization and Common Attack Vectors

Virtualized DMZ Networks

Typical Virtualized DMZ

Three Typical Virtualized DMZ Configurations

Partially Collapsed DMZ with Separate Physical Trust Zones

Partially Collapsed DMZ with Virtual Separation of Trust Zones

Fully Collapsed DMZ

Best Practices for Achieving a Secure Virtualized DMZ Deployment

Harden and Isolate the Service Console

Clearly Label Networks for each Zone within the DMZ

Set Layer Security Options on Virtual Switches

Enforce Separation of Duties

Use ESX Resource Management Capabilities

Regularly Audit Virtualized DMZ Configuration

How we understand Fake Certificate Injection to work

Generic TLS renegotiation prefix injection vulnerability

Abuses of Renegotiation
• Summary – By Protocol
• Summary – By Application

Renegotiation Solutions

Testing for a renegotiation vulnerability

Renegotiation Vulnerability requirements

Renegotiation Example

Patched server with disabled renegotiation




Chapter 8
Hardening Your ESX Server

Hardening Your ESX Server

ESX Best Practices

Virtual Machines

Secure Virtual Machines as You Would Secure Physical Machines

Disable Unnecessary or Superfluous Functions

Take Advantage of Templates

Prevent Virtual Machines from Taking Over Resources

Isolate Virtual Machine Networks

VM Segmentation

Minimize Use of the VI Console

Virtual Machine Files and Settings

Disable Copy and Paste Operations Between the Guest Operating System and Remote Console

Limit Data Flow From the Virtual Machine to the Datastore

SetInfo Hazard

Do Not Use Nonpersistent Disks

Ensure Unauthorized Devices are Not Connected

Prevent Unauthorized Removal or Connection of Devices

Avoid Denial of Service Caused by Virtual Disk Modification Operations

Specify the Guest Operating System Correctly

Verify Proper File Permissions for Virtual Machine Files

Configuring the Service Console in ESX

Configure the Firewall for Maximum Security

Limit the Software and Services Running in the Service Console

Use VI Client and vCenter to Administer the Hosts Instead of Service Console

Use a Directory Service for Authentication

Strictly Control Root Privileges

Control Access to Privileged Capabilities

Establish a Password Policy for Local User Accounts

ESX/Linux User Authentication

Configuring ESX Authentication

ESX Authentication Settings

Do Not Manage the Service Console as if It Were a Linux Host

Maintain Proper Logging

ESX Log File Locations

ESX Log Files

Establish and Maintain File System Integrity

Secure the SNMP Configuration

Protect against the Root File System Filling Up

Disable Automatic Mounting of USB Devices

Configuring the ESX/ESXi Host

Isolate the Infrastructure-Related Networks

Configure Encryption for Communication between Clients and ESX/ESXi

Label Virtual Networks Clearly

Do Not Create a Default Port Group

Do Not Use Promiscuous Mode on Network Interfaces

Protect against MAC Address Spoofing

Secure the ESX/ESXi Host Console

Mask and Zone SAN Resources Appropriately

Secure iSCSI Devices Through Authentication



Chapter 9
Hardening your ESXi Server

Best Practices ESXi

Configuring Host-Level Management in ESXi

Strictly Control Root Privileges

Control Access to Privileged Capabilities

Maintain Proper Logging

Establish and Maintain Configuration File Integrity

Secure the SNMP Configuration

Ensure Secure Access to CIM

Audit or Disable Technical Support Mode



Chapter 10
Hardening your vCenter Server


Set Up the Windows Host for vCenter with Proper Security

Limit Administrative Access

Limit Network Connectivity to vCenter

Use Proper Security Measures when Configuring the Database for vCenter

Enable Full and Secure Use of Certificate-Based Encryption

vCenter Server Certificates Replacement

Pre-Installation, During Installation, Post-Installation

vCenter Log Files and Rotation

Collecting vCenter Log Files

Use vCenter Custom Roles

Document and Monitor Changes to the Configuration

vCenter Add-on Components

VMware Update Manager

VMware Converter Enterprise

VMware Guided Consolidation

General Considerations

Client Components

Restrict the Use of Linux-Based Clients

Verify the Integrity of VI Client

Monitor the Usage of VI Client Instances

Avoid the Use of Plain-Text Passwords

vShield Zones

vShield VM Flow Features



Chapter 11
3rd Party Migration Tools

3rd Party Products

Virtualization: Greater Flexibility, Diminished Control


Catbird * Authors Pick

HyTrust * Authors Pick


Trend Micro


Catbird In-Depth Look *Authors Pick

Understanding Compliance Scope

HyTrust – In-Depth Look * Authors Pick

Key Capabilities

What’s Missing?

Making Sense of It All




*Please note that this content is meant to be a guideline.
Class material is subject to change and may be presented in a slightly different format than listed.


Course Registration


5 days

