Spindustry News

Azure For IT Professionals

Learn more about implementing Azure as part of your infrastructure.

Staying Sharp on Microsoft Office Can Save Time & Money

Learning the latest Microsoft Office tips and tricks can benefit you greatly.

"How do I determine if this new technology is for real?"

Michael Bird explains how to navigate new technology waters.
Training partners

Spindustry Training

spindustrytraining.com - (515) 334-9556

Bookmark and Share

Hardening and Hacking vSphere and Private Cloud

Course Code: RZ VPCSEC-5
Length: 5 Days
Tuition: $3,995.00

Schedule for this Course

There are no dates scheduled for this course.
If you would like to be added to the wait list for this class Click Here

Course Description:

We are well aware that virtualization has been widely implemented, however, there are questions regarding adequate considerations for security threats, known or perceived. It appears that many organizations rest on superior security at the physical layer for a secure virtual layer. This is due in part to an organization that is not aware of the risks associated specifically with the virtual layer or individuals that lack the knowledge to implement adequate security measures. This course changes everything.

This course covers all known and many perceived risks, demonstrates how to hack some of those risks and covers the best hardening practices known today. It covers many technologies related to the VMware vCloud Suite so that you know what you can and cannot do with the software as well as what needs to be added to your security posture to ensure a secure private cloud!

Why Attend this Course

  • Learn the latest technologies used to secure the vSphere and Private Cloud Infrastructure.
  • The risks to a virtual datacenter are higher than most organizations realize, be prepared to mitigate those risks.
  • Become a leader in the industry by staying on top of the security issues related to the private cloud.
  • We cover the best third party solutions related to virtualization and the private cloud.
  • This course will teach you how to test some of these known risks.
  • Our team of developers have worked in the security field for many years, they pioneered today’s designs for a secure virtual infrastructure and wrote the first course on virtual security, they have tried and true best practices throughout this course.
  • Be prepared to pass both exams:
    • RAZR Certified Virtualization Security Engineer (R|CVSE)
    • RAZR Certified Virtualization Security Specialist-V (R|CVSS-V)
  • Take the VM’s home with you for additional work after class!
  • 50% of your time will be hands on

You will learn:

  • Latest technologies in securing a virtual and private cloud infrastructure
  • Foundational concepts in virtualization security
  • How to Securely designing your infrastructure for today and tomorrow
  • The best third party security solutions on the market today
  • The latest risks known to the vSphere product
  • How to audit vSphere
  • Details on the vCloud Networking and Security Product
  • Implementation of Endpoint security
  • The best built in security controls for the vSphere products
  • Why virtualization can make your infrastructure more secure
  • How to Harden the entire infrastructure, not just a few items

Prerequisites

  • Two Years IT Security Experience, Network+ Certification or Equivalent Knowledge
  • Two Years’ Experience with Microsoft or Linux Servers
  • Basic Virtualization/Cloud Knowledge

Course Outline:

Chapter 1 – Course Introduction

Chapter 2 – Virtualization and Cloud Overview

  1. Overview of Virtualization
  2. Overview of Cloud Technologies
  3. Design
    1. Functional Requirements
    2. Security Implications
    3. Examples

Chapter 3 – Developing a vSphere Private Cloud Security Posture

  1. CIA Triad
  2. Threat Modeling
  3. Emerging Threats
    1. External Threats
    2. Internal Threats
  4. Seven Step Approach to a Desired Security Posture
  5. Control Architecture
  6. Deep Dive into vSphere Risks
    1. Virtual Machine Risks
    2. ESXi Hosts Risks
    3. vNetwork Risks
    4. vCenter Risks
    5. vStorage Risks
    6. vCloud – Related to Private Cloud Risks

Chapter 4 – vSphere Native Controls

  1. ESXi Secure Architecture
    1. vCPU
    2. vMemory
  2. Virtual Machines Secure Architecture
    1. Virtual Machine Hardware
    2. Virtual Machine Files
    3. vCenter Features
      1. vMemory Management
      2. vCPU Management
      3. Clones and Templates
      4. Roles and Permissions
  3. Host and Cluster Native Controls
    1. VMKernel Preventative Controls
    2. vSphere 5.x Preventative Controls
    3. ESXi File Systems Structure
    4. Logging
    5. Lock Down Mode
    6. SSH Access
    7. ESXi Firewall
  4. vCloud Networking and Security
    1. Edge
    2. App Firewall
    3. VXLAN
    4. Data Security
    5. vCloud Ecosystem Framework
  5. vCenter Native Controls
    1. Single Sign-On
    2. High Availability
    3. Distributed Resource Scheduler
    4. vSphere Data Protection
    5. vSphere Replication
    6. Disaster Recovery Options

Chapter 5 – vNetwork Native Controls

  1. vSwitch Native Controls
  2. DvSwitch Native Controls
  3. How traffic routes
  4. Forged Packets
  5. VLANs
  6. PVLANs
  7. App Firewall

Chapter 6 – vStorage Security

  1. Understanding Storage within the Virtual Architecture
  2. Native Controls
    1. Storage Capabilities based on Versions
    2. Storage I/O Control
    3. vSphere Storage API’s
    4. All Paths Down and Permanent Device Loss
    5. Storage Profiles, Clusters and DRS
  3. Fiber Channel Security
  4. iSCSI Security
  5. NAS Security

Chapter 7 – Third Party Mitigation Solutions

  1. Catbird
  2. Cisco Adaptive Security Virtual Appliance
  3. Firefly Host – Juniper Networks Product
  4. HyTrust
  5. Sophos Endpoint Antivirus – Cloud
  6. Reflex VMC
  7. TrendMicro Deep Security
  8. WatchGuard

Chapter 8 – Assessing and Remediating

  1. Assessment Program Objectives
  2. Assessment Program Scope
  3. Prerequisites and Reliance
  4. Assessment Skills Requirement

Chapter 9 – Hardening the Virtual Machines

  1. The Basics
  2. Making best use of Templates
  3. Isolating the VM
  4. Managing Resources
  5. Advanced Settings
  6. Preventing Known Risks
  7. Auditing the VM
  8. Endpoint Security

Chapter 10 – Hardening the Host

  1. The Basics
  2. Managing Users
  3. DCUI Management
  4. Managing Access to Host
  5. Firewall Best Practices
  6. Advanced Settings
  7. vNetwork Hardening
  8. vStorage Hardening
  9. Managing Certificates

Chapter 11 – Hardening vCenter

  1. The Basics
  2. Controlling Access
  3. Managing Plug-Ins
    1. Converter
    2. Update Manager
    3. vCLI
    4. And Others
  4. Managing Certificates
  5. vCert Manager
  6. Using the App Firewall

Appendix – Additional Products only covered in extended hour’s delivery (Bootcamp Format)

  1. vCloud Native Controls
    1. How vCloud functions with vSphere
    2. Roles and Permissions
    3. Tenant and Landlord Controls
    4. vNetwork Controls
    5. vStorage Controls
    6. vApp Controls
  2. Compliance and vCenter Configuration Manager
    1. Overview of Compliance
    2. How Configuration Manager Helps
    3. Key components
    4. Free Compliance Checking Tools
  3. Additional vCloud Networking Deep Dive
    1. Edge
    2. VXLAN
    3. Data Security

back to top