January 2012 - Auditing and Securing Virtualized Environments

Note: This event was a paid two-day technical topics / training event. Thefore, we can only present a summary of the course. Course materials are not available for download.

Topic

In this two-day seminar, you will focus on ESX security. You will start with virtualization basics, hardware virtualization considerations, and different versions of ESX. You will examine best practices for securing ESX servers, access to the management console, ESX logging, and other configuration issues to ensure your ESX virtual server hosts are secure and stable. Case studies using a combination of live demonstrations and exercises will reinforce important virtualization concepts and associated audit points addressed in real audit projects.

What You Will Learn:

  1. Virtualization Basics
    • What is It?
    • Advantages and Disadvantages of Virtualization
    • Hardware Considerations
    • High Availability
    • Backup Strategies
    • ESX and Hyper-V
    • Integrating Virtualization and Disaster Recovery
    • Potential Hypervisor Attacks
  2. ESX Basics
    • ESX Versions
    • ESX 3.5 and 3.5i, 4.0, and 4.0i
    • Managing ESX Hosts
    • ESX Host Security
    • Patching ESX Hosts
  3. Developing an Audit Program for ESX/Hyper-V
    • Hardware Parameters
    • Proper UPS Configuration for Hosts and Guests
    • Best Practices for Console Access
    • Log File Configuration and Review
    • Firewall Configuration
    • SNMP Configuration
    • Scanning Servers for Security Holes / Viruses / Rootkits
    • Backup Strategy
    • Patch Management
    • VMotion/DRS Security
    • Virtual Guest Configuration
    • Virtual Server Guest Base Images

Speaker

Alan Sugano, President of ADS Consulting Group, Inc.

Alan’s areas of expertise include networking; server, workstation, and application virtualization; security; custom programming; web development; SharePoint; and SQL Server development. Previously, he was with Coopers & Lybrand (now PricewaterhouseCoopers) as an MAS consultant.

He speaks regularly on such topics as virtualization, network audit and security, troubleshooting, network design and implementation, server selection, network documentation and management, and disaster recovery. He is a Contributing Editor for Windows IT Pro and the author of the Real-World Network Troubleshooting Manual. He is also a Microsoft Most Valuable Professional (MVP).

Materials

  • This event was a paid two-day technical topics / training event. Thefore, we can only present a summary of the course. Course materials are not available for download.