VMware vSphere 6.x Latest Threats, Hardening and Design

Objective

This course is going to provide you the details needed to harden your vSphere environment, whether it is the host, vCenter or Virtual Machine. We will also spend time on design of the network and your DMZ. This class finishes up looking at many really great 3rd party mitigation tools, you will walk away with hands on knowledge of how these tools can help you with security within your vSphere environment.

We will also prepare you for the certified virtualization security expert certification. This is a unique and one-of-a-kind certification intended to prove you have the knowledge necessary to secure a virtual environment or cloud environment that is running on VMware vSphere. When you finish this course you will be able to assess the security posture of your vSphere 5.x architecture, and by extension, the services offered thru and by that architecture, and reducing the identified risks.

System administrators and security administrators using virtualization software.

1. Course Introduction and Methodology
2. Design for Security

    1. Key Items to Consider
      • i. Can you have a secure virtual environment?
      • ii. Holistic View
      • iii. Monitoring
        1. Port Level or Application Level?
      • iv. Policy Enforcement
      • v. Secure Privileged Access
      • vi. Secure Multi-tenancy
    2. The Many Layers
      • i. Physical Layer
      • ii. Virtualized Layer
      • iii. Cloud Layer
    3. DMZ Designs
      • i. Five Dimensional Decision
        1. Security, Virtualization, Network, Management and Storage
    4. Sample Designs
      • i. Can we improve?

3. 3rd Party Mitigation Tools

    1. Altor Networks
    2. Catbird’s vCompliance (HOL)
    3. HyTrust
    4. Reflex Systems VMC
    5. CheckPoint Virtual Appliances
    6. Trend Micro (HOL)

4. vSphere Technology and Threats

    1. Hypervisor Threats
    2. vCenter Threats
    3. Physical Layer Threats
    4. Web Based Threats
    5. Network Threats

5. Hardening the Virtual Machines

    1. Harden the Server
    2. Unnecessary Functions
    3. Using Templates (HOL)
    4. VM Isolation (HOL)
    5. VM Advanced Settings (HOL)
    6. SetInfo Hazard
    7. VMCI (HOL)
    8. Isolation Tools (HOL)
      • i. VMsafe Settings

6. Hardening the Host

    1. Service Console Security (HOL)
      • i. Password Integrity
      • ii. sudo
      • iii. Wheel Group
    2. File System Integrity
    3. Encrypted Communication
    4. DCUI – Direct Console User Interface (HOL)
    5. CIM – Common Information Model (HOL)
    6. Tech Support Mode (HOL)
    7. Proxy.xml
    8. ESXi Lockdown Mode

7. Hardening Virtual Center

    1. Limiting Administrative Access (HOL)
    2. Limiting Network Connectivity
    3. Server Certificate Replacement (HOL)
    4. Controlling Log Files (HOL)
    5. Custom Rules
    6. Update Manager
    7. VMware Converter
    8. Managing the vCenter Clients (HOL)
      • i. vShield (HOL)

8. Putting it all Together

    1. Looking back at the key security issues for all topics covered!
    2. Final Hands On Lab – Can you secure your environment?

The following class must be attended or proof of that level of knowledge is required. VMware vSphere 6.x Security Architecture and Potential Threats

Duration: 3 Days
Cost:  2 300,00 € (Including course, hand-outs & lunch, excl. VAT)

   
dartalis
Campus Contern - Bâtiment Colibri
19 Rue Edmond Reuter
L - 5326 Contern
Phone : +352 267 469 200
X