Deutsch
English
Français
NewsVirtSec
Workshop: VirtSec - Compliance to (audit) secure operatiing in virtualized environments
Target audience: Security Officers and Auditors
Duration: 2 days (1 day course & 1 day workshop)
VirtSec
After introducing the basic elements of virtualization architecture, the most important attacks, their threats and vulnerabilities will be presented. We will also explain design questions, security-relevant processes and typical policy elements.
Afterwards specific problems of VMware ESX will be examined. Hardening directives, (Audit) checklists, configuration aspects of the vSwitch and the management access iwill be focused on. Finally (commercial) add-on tools will be presented, their use discussed.
Content:
Day 1 (course)- Basic concepts and Terminology
- Typical elements and essential solutions
- Attacks overview (guest-> guest, guest-> Host, attacks on Mgmt)
- Backdoor / VMEscape
- Attacks tools, fuzzing
- The "Rogue VMs" problem
- Realization of an exemplary risk assessment
- Typical policy elements when using
- Security processes (patching, change management etc.)
Day 2 (Workshop) VMware ESX
Hardening steps & (audits) listen, security aspects of the vSwitch and the management interfaces, commercial add-on tools: classification, presentation, Demo/exercise (Blue Lane, Montego, RSA Reflex]
Technology forecast (Flash based Hypervisor, vSafe-Initiative)