O'Reilly logo

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Hyper-V Security

Book Description

Secure your Hyper-V hosts, their guests, and critical services from intruders and malware

In Detail

Keeping systems safe and secure is a new challenge for Hyper-V Administrators. As critical data and systems are transitioned from traditional hardware installations into hypervisor guests, it becomes essential to know how to defend your virtual operating systems from intruders and hackers.

Hyper-V Security is a rapid guide on how to defend your virtual environment from attack.

This book takes you step by step through your architecture, showing you practical security solutions to apply in every area. After the basics, you'll learn methods to secure your hosts, delegate security through the web portal, and reduce malware threats.

What You Will Learn

  • Defend the network and disk resources that Hyper-V relies on
  • Control access to Hyper-V, both locally and remotely
  • Automate security policies using Group Policy
  • Leverage Hyper-V's isolation features to protect services while still providing necessary access to resources
  • Combine Hyper-V with external technologies to provide a strong defense-in-depth system
  • Identify and explain security needs to organization officials reluctant to provide proper funding
  • Protect your virtual infrastructure when System Center VMM is present
  • Make management of multiple on-premise private clouds and Azure-based public clouds more secure with App Controller

Table of Contents

  1. Hyper-V Security
    1. Table of Contents
    2. Hyper-V Security
    3. Credits
    4. About the Authors
    5. About the Reviewers
    6. www.PacktPub.com
      1. Support files, eBooks, discount offers, and more
        1. Why subscribe?
        2. Free access for Packt account holders
        3. Instant updates on new Packt books
    7. Preface
      1. What this book covers
      2. What you need for this book
      3. Who this book is for
      4. Conventions
      5. Reader feedback
      6. Customer support
        1. Downloading the example code
        2. Errata
        3. Piracy
        4. Questions
    8. 1. Introducing Hyper-V Security
      1. The importance of Hyper-V security
        1. Your clients expect it
        2. Your stakeholders expect it
        3. Your employees and volunteers expect it
        4. Experience has taught us that security is important
        5. Weak points aren't always obvious
        6. The costs of repair exceeds the costs of prevention
      2. Basic security concerns
        1. Attack motivations
        2. Untargeted attacks
        3. Targeted attacks
        4. The computing device
        5. The network
        6. Data-processing points
        7. Data storage
        8. People
      3. A starting point to security
      4. Hyper-V terminology
      5. Acquiring Hyper-V
        1. Hyper-V Server
        2. Windows Server
        3. Client Hyper-V
      6. Summary
    9. 2. Securing the Host
      1. Understanding Hyper-V's architecture
      2. Choosing a management operating system
        1. Hyper-V Server
        2. Windows Server – full GUI installation
        3. Windows Server – Core installation
        4. Windows Server – Minimal Server Interface installation
        5. Switching between Windows Server modes
        6. Practical guidance to chose a deployment
      3. Disabling unnecessary components
      4. Using the Windows Firewall
      5. Relying on domain security
      6. Leveraging Group Policy
        1. Exporting SCM baselines
        2. Importing a policy into Group Policy Management Console
        3. Applying SCM baselines to Local Group Policy
          1. Enabling LocalGPO in Windows and Hyper-V Server 2012 R2
      7. Using security software
      8. Configuring Windows Update
        1. Manual patching
        2. Fully automated patching
        3. Staggered patching
        4. Guinea pig systems
      9. Employing remote management tools
      10. Following general best practices
        1. Microsoft baseline security analyzer
        2. Hyper-V Best Practices Analyzer
          1. Running the Hyper-V BPA from Server Manager
          2. Running the Hyper-V BPA from PowerShell
        3. Other practices
      11. Summary
    10. 3. Securing Virtual Machines from the Hypervisor
      1. Using the Hyper-V Administrators group
        1. Using Group Policy to control Hyper-V Administrators
        2. Powers of Hyper-V Administrators
      2. Leveraging PowerShell Remoting
        1. Configuring PowerShell Remoting and its basic usage
        2. Workgroup and inter-domain PowerShell Remoting
          1. Certificate-based PowerShell Remoting
            1. Configuring the Host SSL certificate
            2. Configuring the Remote System
        3. TrustedHosts-based PowerShell Remoting
          1. Choosing between SSL and TrustedHosts
        4. Example – PowerShell Remoting with Invoke-Command
      3. Using custom PowerShell Remoting endpoints
        1. Practical custom PowerShell Remoting endpoints
      4. Summary
    11. 4. Securing Virtual Machines
      1. Understanding the security environment of VMs
        1. Process isolation
        2. Memory isolation
        3. Hard disk isolation
        4. Network isolation
        5. Other hardware
        6. Practical approaches to isolation security
      2. Leveraging Generation 2 virtual machines
      3. Employing anti-malware on a virtual machine
        1. Considering intrusion prevention and detection strategies
      4. Using Group Policy with virtual machines
      5. Limiting exposure with resource limitations
        1. Virtual processor limits
        2. Memory limits
        3. Hard drive I/O limits
        4. Virtual network limits
      6. Applying general best practices
      7. Summary
    12. 5. Securing the Network
      1. Understanding SSL encryption
      2. Leveraging network hardware
        1. Hardware firewalls
      3. Using the virtual switch's isolating technologies
        1. Multiple switch types
        2. Virtual LAN
          1. Using PowerShell to control VLANs on virtual adapters
        3. Private VLAN
        4. Using PowerShell to configure private VLANs
        5. Network virtualization
      4. Employing Hyper-V virtual switch ACLs
        1. Using basic port ACLs
        2. Using extended port ACLs
        3. Practical ACL usage
      5. Configuring the Windows Firewall
      6. Using management tools remotely
        1. Enabling Remote Desktop
        2. Enabling other remote management tools
        3. Remote access for non-domain-joined machines
      7. Using Hyper-V with IPsec
      8. Configuring virtual network adapter protections
        1. MAC address settings
        2. DHCP guard
        3. Router guard
        4. Port mirroring
        5. Setting Hyper-V protections using Powershell
      9. Encrypting cluster communications
      10. Securing Hyper-V Replica traffic
      11. Summary
    13. 6. Securing Hyper-V Storage
      1. Configuring NTFS security for VM storage
      2. Securing SMB 3.0 shares for VM storage
        1. Administrative and hidden shares
      3. Securing iSCSI connections
        1. Physical and logical isolation
        2. iSCSI security options
      4. Using Secure Boot
      5. Using BitLocker
      6. Understanding the role of backup
      7. Summary
    14. 7. Hyper-V Security and System Center VMM
      1. Enhancing Hyper-V host security through VMM
        1. The user role group descriptions
        2. Run as accounts
      2. Securing the VMM installation
        1. VMM library shares
        2. Anything else?
      3. Network virtualization and multi-tenancy
      4. Providing secure self-service with the Windows Azure Pack
        1. DOS and DDOS attacks
      5. Summary
    15. 8. Secure Hybrid Cloud Management through App Controller
      1. System requirements
      2. Installing App Controller
        1. Connecting clouds to App Controller
      3. App Controller's role-based security model
      4. Summary
    16. Index