VMware Advanced Security

Video Description

The VMware Advanced Security course is an advanced-level course compared with other network or IT security courses, as it covers the security protocols and techniques used to secure a virtual environment. The course teaches students about the various types of threats that can affect a virtual datacenter and then explains the prevention techniques used to protect and secure a VMware deployment. It is an ideal course for system administrators working in a virtual datacenter or a public/private cloud infrastructure, and it covers in depth the concepts of effectively securing a VMware-based virtualized environment. The course is equally helpful for IT professionals who work at system integrator organizations and provide technical support to various organizations.

Table of Contents

  1. Course Introduction
    1. Course Introduction 00:01:42
    2. Instructor Introduction 00:01:19
    3. Instructor Introduction 00:01:01
  2. Chapter 01 - Primer and Reaffirming Our Knowledge
    1. Primer and Reaffirming Our Knowledge 00:01:04
    2. ESX Networking Components 00:03:32
    3. How Virtual Ethernet Adapters Work 00:03:00
    4. How Virtual Switches Work 00:02:26
    5. VMsafe Overview 00:01:59
    6. Current VMsafe Partners 00:00:58
    7. Virtual Switch vs. Physical Switch Part1 00:00:53
    8. Virtual Switch vs. Physical Switch Part2 00:06:43
    9. Spanning Tree Protocol Not Needed 00:01:49
    10. Virtual Ports 00:01:20
    11. Uplink Ports 00:00:54
    12. Port Groups 00:01:24
    13. Uplinks 00:00:26
    14. Virtual Switch Correctness 00:01:18
    15. VLANs in VMWare Infrastructure 00:00:49
    16. NIC Teaming 00:00:32
    17. Load Balancing 00:01:08
    18. Failover Configurations 00:01:47
    19. Normal Operation 00:00:41
    20. Connection Fails 00:00:32
    21. Signaling Process - Beaconing 00:00:23
    22. Data Rerouted 00:00:09
    23. Layer 2 Security Features 00:03:17
    24. Forged Transmits 00:03:10
    25. Managing the Virtual Network 00:02:43
    26. Symmetric vs. Asymmetric Encryption 00:07:50
    27. Demo - Security in vSwitches 00:05:09
    28. Hashes 00:04:59
    29. Demo - Hashes 00:03:21
    30. Digital Signatures 00:04:16
    31. Breaking SSL Traffic 00:07:13
    32. Demo - Lab Environment 00:04:38
    33. Demo - ARP Cache Poison Part1 00:20:41
    34. Demo - ARP Cache Poison Part2 00:08:33
    35. File System Structure Part1 00:02:08
    36. File System Structure Part2 00:01:54
    37. File System Structure Part3 00:02:41
    38. Kernel 00:01:01
    39. Processes Part1 00:00:58
    40. Processes Part2 00:01:24
    41. Starting and Stopping Processes 00:01:40
    42. Interacting with Processes Part1 00:00:40
    43. Interacting with Processes Part2 00:00:35
    44. Accounts and Groups 00:01:58
    45. Password & Shadow File Formats 00:01:15
    46. Accounts and Groups (cont.) 00:03:04
    47. Linux and UNIX Permissions Part1 00:01:03
    48. Linux and UNIX Permissions Part2 00:01:01
    49. Linux and UNIX Permissions Part3 00:02:46
    50. Linux and UNIX Permissions Part4 00:00:20
    51. Demo - Intro to Linux 00:19:43
    52. Set UID Programs 00:01:03
    53. Logs and Auditing Part1 00:00:50
    54. Logs and Auditing Part2 00:01:38
    55. Chapter 01 Review 00:00:53
  3. Chapter 02 - Routing and the Security Design of VMware
    1. Routing and the Security Design of VMware 00:01:10
    2. Security of Routing Data 00:00:20
    3. How Traffic Routes Between VMs on ESX Hosts 00:02:01
    4. Different vSwitches, Same Port Group and VLAN 00:01:44
    5. Same vSwitch, Different Port Group and VLAN 00:00:43
    6. Same vSwitch, Same Port Group and VLAN 00:01:15
    7. Security Design of the VMware Infrastructure Architecture Part1 00:01:10
    8. Security Design of the VMware Infrastructure Architecture Part2 00:00:54
    9. Security Design of the VMware Infrastructure Architecture Part3 00:01:23
    10. VMware Infrastructure Architecture and Security Features 00:00:34
    11. Virtualization Layer Part1 00:01:27
    12. Virtualization Layer Part2 00:03:05
    13. Virtualization Layer Part3 00:00:58
    14. Virtualization Layer Part4 00:00:45
    15. Virtualization Layer Part5 00:01:58
    16. CPU Virtualization Part1 00:03:34
    17. CPU Virtualization Part2 00:02:24
    18. CPU Virtualization Part3 00:03:07
    19. CPU Virtualization Part4 00:10:42
    20. Memory Virtualization Part1 00:00:56
    21. Memory Virtualization Part2 00:02:11
    22. Memory Virtualization Part3 00:00:59
    23. Memory Virtualization Part4 00:04:58
    24. Cloud Burst Part1 00:01:29
    25. Cloud Burst Part2 00:02:10
    26. Virtual Machines Part1 00:00:56
    27. Virtual Machines Part2 00:00:37
    28. Virtual Machines Part3 00:01:04
    29. Service Console Part1 00:01:00
    30. Service Console Part2 00:02:09
    31. Service Console Part3 00:00:58
    32. Virtual Networking Layer 00:00:29
    33. Virtual Switches 00:00:39
    34. Virtual Switch VLANs Part1 00:00:30
    35. Virtual Switch VLANs Part2 00:00:38
    36. Virtual Switch VLANs Part3 00:00:58
    37. Virtual Switch VLANs Part4 00:00:33
    38. Demo - Using VLANs 00:05:05
    39. Major Benefits of Using VLANs 00:01:29
    40. Major Benefits of Using VLANs 00:02:17
    41. Standard VLAN Tagging 00:00:58
    42. Virtual Ports 00:00:24
    43. Virtual Network Adapters 00:00:30
    44. Virtualized Storage 00:01:31
    45. VMware VirtualCenter Part1 00:02:09
    46. VMware VirtualCenter Part2 00:01:59
    47. VMware VirtualCenter Part3 00:01:44
    48. Chapter 02 Review 00:00:36
  4. Chapter 03 - Remote DataStore Security
    1. Remote DataStore Security 00:00:25
    2. ESX / ESXi and Fibre Channel SAN Environment and Addressing 00:01:39
    3. Mask and Zone SAN Resources Appropriately 00:00:55
    4. LUN Masking and Zoning Part1 00:01:03
    5. LUN Masking and Zoning Part2 00:01:16
    6. LUN Masking and Zoning Part3 00:02:18
    7. LUN Masking and Zoning Part4 00:01:12
    8. LUN Masking and Zoning Part5 00:00:29
    9. LUN Masking and Zoning Part6 00:00:27
    10. LUN Masking and Zoning Part7 00:01:26
    11. Fiber Channel 00:01:19
    12. DH-CHAP 00:00:39
    13. Switch Link 00:00:36
    14. What is FC-SP (Fiber Channel - Security Protocol)? 00:01:05
    15. ESP Over Fiber Channel 00:00:38
    16. Fiber Channel Attacks - The Basics 00:03:35
    17. Steps in Securing Fiber Channel 00:02:20
    18. iSCSI vs. Fiber Channel 00:01:46
    19. ESX / ESXi and iSCSI SAN Environment and Addressing 00:01:48
    20. Hardware vs. Software Initiators 00:01:18
    21. iSCSI Security Features 00:01:18
    22. Secure iSCSI Devices Through Authentication 00:01:08
    23. Demo - Storage Security Settings 00:02:44
    24. IPSec 00:02:00
    25. IPSec Implementation 00:01:17
    26. Steps in Securing iSCSI 00:02:45
    27. Chapter 03 Review 00:01:19
  5. Chapter 04 - Penetration Testing 101
    1. Penetration Testing 101 00:00:42
    2. What is a Penetration Test 00:01:54
    3. Benefits of a Penetration Test 00:03:12
    4. What Does a Hack Cost You? 00:02:07
    5. Cost of a Hack - Example 00:01:30
    6. Current Issues Part1 00:04:02
    7. Current Issues Part2 00:03:21
    8. Current Issues Part3 00:02:42
    9. Current Issues Part4 00:02:29
    10. Current Issues Part5 00:01:58
    11. Current Issues Part6 00:03:17
    12. Chained Exploit Example 00:02:58
    13. Demo - Gonzalez Indictment 00:03:29
    14. The Evolving Threat 00:05:28
    15. Methodology for Penetration Testing / Ethical Hacking 00:06:22
    16. Penetration Testing Methodologies 00:01:43
    17. Types of Tests 00:02:34
    18. Website Review 00:01:22
    19. Demo - Website Review 00:13:08
    20. Seven Management Errors 00:02:47
    21. Some VMware Issues 00:04:28
    22. Not Just About the Tools 00:02:32
    23. Chapter 04 Review 00:01:20
  6. Chapter 05 - Information Gathering, Scanning and Enumeration
    1. Information Gathering, Scanning and Enumeration 00:00:21
    2. What is the Hacker Wanting to Know? 00:02:15
    3. Methods of Obtaining Information 00:01:11
    4. Footprinting 00:01:44
    5. Maltego 00:01:03
    6. Maltego GUI 00:02:35
    7. Demo - Maltego 00:12:32
    8. Firecat v1.6.2 00:01:57
    9. Demo - Firecat 00:06:43
    10. FireFox Fully Loaded 00:00:55
    11. Johnny.Ihackstuff.com hackersforcharity.org 00:01:26
    12. Google and Query Operators 00:02:11
    13. Google 00:01:02
    14. Shodan - You Have to be Kidding Me! Part1 00:01:37
    15. Shodan - You Have to be Kidding Me! Part2 00:00:34
    16. Demo - Shodan 00:06:16
    17. Introduction to Port Scanning 00:02:59
    18. Popular Port Scanning Tools 00:01:21
    19. ICMP Disabled 00:01:12
    20. NMAP TCP Connect Scan 00:00:31
    21. TCP Connect Port Scan 00:01:03
    22. Nmap 00:01:06
    23. Half-open Scan 00:00:28
    24. Firewalled Ports 00:00:32
    25. NMAP and Your VMware Servers 00:02:06
    26. Additional NMAP Scans 00:01:01
    27. NMAP UDP Scans 00:00:21
    28. Demo - NMAP 00:17:16
    29. UDP Port Scan 00:00:30
    30. Enumeration Overview 00:01:48
    31. Banner Grabbing 00:00:49
    32. Banner Grabbing with Telnet 00:00:27
    33. SuperScan 4 Tool: Banner Grabbing 00:01:07
    34. DNS Enumeration 00:01:04
    35. Zone Transfers 00:02:33
    36. Backtrack DNS Enumeration 00:01:05
    37. Active Directory Enumeration 00:01:37
    38. LDAPMiner 00:01:00
    39. Null Sessions 00:01:41
    40. Syntax for a Null Session 00:00:34
    41. Viewing Shares 00:00:39
    42. Enumeration with Cain and Abel 00:02:15
    43. NAT Dictionary Attack Tool 00:01:03
    44. THC-Hydra 00:00:48
    45. Injecting Abel Service 00:01:00
    46. Demo - Cain 00:21:59
    47. Chapter 05 Review 00:00:43
  7. Chapter 06 - Penetration Testing and the Tools of the Trade
    1. Penetration Testing and the Tools of the Trade 00:00:41
    2. Vulnerabilities in Network Services 00:02:35
    3. BackTrack4 00:01:10
    4. Vulnerability Scanners 00:00:28
    5. Nessus 00:01:13
    6. Nessus Report 00:00:58
    7. Saint 00:01:16
    8. SAINT - Sample Report 00:00:43
    9. OpenVAS 00:01:03
    10. OpenVAS Infrastructure 00:01:02
    11. OpenVAS Client 00:02:30
    12. Demo - OpenVAS 00:29:00
    13. Windows Password Cracking 00:02:48
    14. Syskey Encryption 00:00:57
    15. Cracking Techniques 00:02:53
    16. Rainbow Tables 00:01:30
    17. Disabling Auditing 00:01:11
    18. Clearing the Event log 00:00:45
    19. NTFS Alternate Data Stream 00:02:14
    20. Stream Explorer 00:00:40
    21. Encrypted Tunnels 00:01:37
    22. Port Monitoring Software Part1 00:00:42
    23. Port Monitoring Software Part2 00:00:48
    24. RootKit 00:02:21
    25. The Metasploit Project 00:01:06
    26. Defense in Depth 00:02:18
    27. Meterpreter 00:01:41
    28. VASTO 00:00:35
    29. VASTO Modules 00:03:17
    30. Fuzzers 00:01:57
    31. SaintExploit at a Glance 00:00:55
    32. Core Impact Overview 00:01:35
    33. Core Impact 00:01:39
    34. Total Exploits from NVD Included in the Penetration Testing Tool 00:01:44
    35. Wireshark 00:01:25
    36. TCP Stream Re-assembling 00:01:04
    37. ARP Cache Poisoning 00:02:08
    38. ARP Cache Poisoning (Linux) 00:01:24
    39. Cain and Abel 00:02:37
    40. Ettercap 00:01:12
    41. Chapter 06 Review 00:01:02
  8. Chapter 07 - DMZ Virtualization and Common Attack Vectors
    1. DMZ Virtualization and Common Attack Vectors 00:01:42
    2. DMZ Virtualization with VMware Infrastructure 00:02:31
    3. Virtualized DMZ Networks Part 1 00:01:52
    4. Virtualized DMZ Networks Part 2 00:02:44
    5. Three Typical Virtualized DMZ Configurations 00:00:38
    6. Partially Collapsed DMZ with Separate Physical Trust Zones 00:02:42
    7. Partially Collapsed DMZ with Virtual Separation of Trust Zones 00:02:02
    8. Fully Collapsed 00:03:06
    9. Best Practices for Achieving a Secure Virtualized DMZ Deployment 00:01:07
    10. Harden and Isolate the Service Console 00:02:21
    11. Clearly Label Networks for Each Zone within the DMZ 00:01:25
    12. Set Layer 2 Security Options on Virtual Switches 00:01:09
    13. Enforce Separation of Duties 00:02:04
    14. Use ESX Resource Management Capabilities 00:01:24
    15. Regularly Audit Virtualized DMZ Configuration 00:01:52
    16. Common Attack Vectors 00:01:06
    17. How We Understand Fake Certificate Injection to Work 00:01:29
    18. Generic TLS Renegotiation Prefix Injection Vulnerability 00:05:28
    19. Testing for a Renegotiation Vulnerability 00:01:11
    20. Vulnerability Requirements 00:01:50
    21. Generic Example 00:02:12
    22. Patched Server with Disabled Renegotiation 00:00:44
    23. Schmoo Con 2010: Virtualization Vulnerabilities Found! 00:01:28
    24. Schmoo Con 2010: Timeline 00:01:17
    25. Schmoo Con 2010: Identification 00:01:04
    26. Schmoo Con 2010: Server Log In 00:00:11
    27. Schmoo Con 2010: Server on the Internet 00:00:16
    28. Schmoo Con 2010: Vulnerability Part1 00:00:48
    29. Schmoo Con 2010: Vulnerability Part2 00:00:19
    30. Schmoo Con 2010: Redirection Proxy 00:00:25
    31. Schmoo Con 2010: Vulnerable Versions 00:00:34
    32. Schmoo Con 2010: Gueststealer Part1 00:01:08
    33. Schmoo Con 2010: Gueststealer Part2 00:00:31
    34. Schmoo Con 2010: Gueststealer Part3 00:00:20
    35. Chapter 07 Review 00:01:13
  9. Chapter 08 - Hardening Your ESX Server
    1. Introduction 00:00:29
    2. Hardening Your ESX Server 00:00:35
    3. Section 1 - Virtual Machines 00:00:11
    4. Secure Virtual Machines as You Would Secure Physical Machines 00:01:28
    5. Disable Unnecessary or Superfluous Functions 00:01:49
    6. Take Advantage of Templates 00:00:58
    7. Prevent Virtual Machines from Taking Over Resources 00:01:59
    8. Isolate Virtual Machine Networks 00:00:49
    9. Example Network Architecture 00:02:30
    10. Arp Cache Poisoning 00:02:14
    11. VM Segmentation 00:01:01
    12. Minimize Use of the vSphere Console 00:00:59
    13. Virtual Machine Files and Settings 00:01:39
    14. Disable Copy and Paste Operations 00:01:08
    15. Limit Data Flow from the Virtual Machine to the Datastore Part1 00:00:59
    16. Limit Data Flow from the Virtual Machine to the Datastore Part2 00:00:52
    17. Limit Data Flow from the Virtual Machine to the Datastore Part3 00:01:38
    18. SetInfo Hazard Part1 00:01:00
    19. SetInfo Hazard Part2 00:01:12
    20. Do Not Use Nonpersistent Disks Part1 00:01:23
    21. Do Not Use Nonpersistent Disks Part2 00:02:43
    22. Ensure Unauthorized Devices are Not Connected 00:01:11
    23. Prevent UnAuthorized Removal or Connection of Devices 00:00:59
    24. Avoid Denial of Service Caused by Virtual Disk Modification Operations 00:01:17
    25. Specify the Guest Operating System Correctly 00:00:49
    26. Verify Proper File Permissions for Virtual Machine Files 00:02:16
    27. Demo - Security on your Virtual Machines 00:28:24
    28. Section 2 - Configuring the ESX/ESXi Host 00:00:21
    29. Configuring the Service Console in ESX 00:02:30
    30. Demo - Control VIC Access 00:07:10
    31. Demo - Service Console Administration 00:12:35
    32. Configure the Firewall for Maximum Security Part1 00:01:07
    33. Configure the Firewall for Maximum Security Part2 00:01:08
    34. Demo - Firewall Configuration 00:15:48
    35. Limit the Software and Services Running in the Service Console Part1 00:01:06
    36. Limit the Software and Services Running in the Service Console Part2 00:01:26
    37. Processes Running in SC 00:01:13
    38. Use vSphere Client & vCenter to Administer the Hosts Part1 00:02:05
    39. Use vSphere Client & vCenter to Administer the Hosts Part2 00:01:47
    40. Use a Directory Service for Authentication Part1 00:01:13
    41. Use a Directory Service for Authentication Part2 00:00:53
    42. Use a Directory Service for Authentication Part3 00:00:57
    43. Demo - AD Integration 00:17:54
    44. Strictly Control Root Privileges Part 1 00:01:24
    45. Strictly Control Root Privileges Part 2 00:01:27
    46. Strictly Control Root Privileges Part 3 00:02:32
    47. Control Access to Privileged Capabilities 00:02:33
    48. Demo - SSH Access and SUDO - Part 1 00:17:29
    49. Demo - SSH Access and SUDO - Part 2 00:18:22
    50. Demo - SSH Access and SUDO - Part 3 00:13:09
    51. Demo - SSH Access and SUDO - Part 4 00:12:50
    52. Establish a Password Policy for Local User Accounts 00:00:55
    53. ESX/Linux User Authentication 00:01:18
    54. Configuring ESX Authentication 00:01:30
    55. ESX Authentication Settings 00:01:50
    56. Reusing Passwords 00:01:54
    57. Configuring Password Complexity 00:03:32
    58. Do Not Manage the Service Console as a Linux Host 00:00:45
    59. Maintain Proper Logging 00:01:10
    60. ESX4 Log File Locations 00:01:51
    61. Maintain Proper Logging (cont.) 00:01:38
    62. ESX Log Files 00:01:17
    63. Establish and Maintain File System Integrity Part 1 00:01:18
    64. Establish and Maintain File System Integrity Part 2 00:01:58
    65. Secure the SNMP Configuration 00:01:11
    66. Protect Against the Root File System Filling Up 00:01:19
    67. Disable Automatic Mounting of USB Devices 00:01:23
    68. Isolate the Infrastructure-related Networks Part1 00:02:37
    69. Isolate the Infrastructure-related Networks Part2 00:01:31
    70. Isolate the Infrastructure-related Networks Part3 00:01:09
    71. VLAN1 00:01:12
    72. Configure Encryption for Communication Between Clients and ESX/ESXi 00:01:34
    73. Label Virtual Networks Clearly 00:01:20
    74. Do Not Create a Default Port Group 00:00:37
    75. Do Not Use Promiscuous Mode on Network Interfaces 00:00:56
    76. Protect Against MAC Address Spoofing Part1 00:01:15
    77. Protect Against MAC Address Spoofing Part2 00:01:37
    78. Secure the ESX/ESXi Host Console 00:01:05
    79. Chapter 08 Review 00:01:13
  10. Chapter 09 - Hardening Your ESXi Server
    1. Hardening Your ESXi Server 00:00:25
    2. Differences: VMware ESX vs. ESXi 00:02:59
    3. Differences: VMware ESX and ESXi 00:01:15
    4. Configuring Host-level Management in ESXi 00:00:24
    5. ESXi - Strictly Control Root Privileges 00:01:22
    6. Control Access to Privileged Capabilities ESXi Part1 00:00:54
    7. Control Access to Privileged Capabilities ESXi Part2 00:01:58
    8. Control Access to Privileged Capabilities ESXi Part3 00:00:49
    9. DCUI 00:00:49
    10. Control Access to Privileged Capabilities ESXi (cont.) 00:01:43
    11. Maintain Proper Logging - ESXi 00:01:04
    12. Establish and Maintain Configuration File Integrity ESXi 00:01:33
    13. Secure the SNMP Configuration ESXi 00:01:40
    14. Ensure Secure Access to CIM 00:00:56
    15. Audit or Disable Technical Support Mode 00:01:47
    16. Chapter 09 Review 00:00:22
  11. Chapter 10 - Hardening Your vCenter Server
    1. Hardening Your vCenter Server 00:00:20
    2. VirtualCenter 00:01:03
    3. Set Up the Windows Host for Virtual Center with Proper Security 00:01:33
    4. Limit Network Connectivity to Virtual Center 00:01:07
    5. Use Proper Security Measures When Configuring the Database for Virtual Center 00:01:41
    6. Enable Full and Secure Use of Certificate-based Encryption 00:00:56
    7. Default Certificates 00:02:48
    8. Replacing Server‐Certificates 00:01:03
    9. vCenter Log Files and Rotation 00:00:52
    10. Collecting vCenter Log Files 00:00:50
    11. Use VirtualCenter Custom Roles 00:01:34
    12. Document and Monitor Changes to the Configuration 00:00:30
    13. VirtualCenter Add-on Components 00:01:22
    14. VMware Update Manager 00:01:37
    15. VMware Converter Enterprise Part1 00:01:02
    16. VMware Converter Enterprise Part2 00:01:03
    17. VMware Guided Consolidation 00:01:18
    18. General Considerations 00:01:14
    19. Client Components 00:00:39
    20. Verify the Integrity of VI Client 00:02:23
    21. Monitor the Usage of VI Client Instances 00:01:13
    22. Avoid the Use of Plain-Text Passwords 00:02:12
    23. vShield Zones Overview 00:01:31
    24. vShield VM Wall Features 00:01:03
    25. vShield VM Flow Features 00:01:04
    26. Demo - vShield Zones 00:55:45
    27. Chapter 10 Review 00:00:21
  12. Chapter 11 - 3rd Party Mitigation Tools
    1. 3rd Party Mitigation Tools 00:00:29
    2. Virtualization: Greater Flexibility, Diminished Control 00:01:15
    3. Making Sense of the Virtualization Security Players 00:01:02
    4. 1K View of Players Part1 00:01:05
    5. 1K View of Players Part2 00:01:19
    6. 1K View of Players Part3 00:01:57
    7. 1K View of Players Part4 00:01:48
    8. 1K View of Players Part5 00:01:26
    9. 1K View of Players Part6 00:00:46
    10. In-depth Look - Authors Picks HyTrust Appliance 00:01:11
    11. HyTrust Appliance - Key Capabilities (cont.): Unified Access Control 00:00:57
    12. HyTrust Appliance - Key Capabilities (cont.): Policy Management 00:01:09
    13. HyTrust Appliance - Key Capabilities (cont.): Audit-quality Logging 00:01:02
    14. HyTrust Appliance - Key Capabilities (cont.): Hypervisor Hardening 00:00:56
    15. In-depth Look - Authors Picks Catbird 00:02:51
    16. Catbird - Policy-driven Security 00:00:57
    17. Catbird - Continuous Compliance 00:00:41
    18. What's Missing? 00:00:36
    19. Making Sense of It All 00:02:17
    20. Chapter 11 Review 00:00:34
    21. Course Closure 00:00:38