Certified Virtualization Security Engineer

This 4 day fast paced, deep dive, hands-on course provides not only the foundation needed for highly secure deployment of VMware vSphere, it also provides a complete understanding of the CIA triad as it relates to virtualization. This course will cover everything from design, configuration, best practices, performance monitoring, and just about everything in between! We endeavour to provide an understanding of what can and cannot be performed to secure your virtualized datacenter!

Certified Virtualization Security Engineer

COURSE OBJECTIVES

• The Datacenter is under attack and mistakes made in implementing the virtual platform can lead to a major attack. It has happened before and will again.
• Every day we read about new methods of attacking Infrastructure as a Service such as Amazon, now learn how a properly designed virtual layer can aid in mitigating some of these attacks.
• Learn how Confidentiality can be improved with some awesome features implemented in vSphere.
• Learn how Integrity can be maintained with a proper design and implementation of VMware vSphere.
• Learn how Availability is designed into the VMware vSphere architecture and how you can improve and maintain this.
• Spend some time performing a few hacks, and a lot of time implementing a secure architecture with hands on labs
• Much of your time will be hands on!

Module 1 – Virtualization and Cloud Overview

• Overview of Virtualization
• Overview of Cloud Technologies
• Design
  • Functional Requirements
  • Security Implications
  • Examples

Module 2 – vSphere Monitoring and Performance (Availability Constraints)

• Configuring ESXi resources for best performance (HOL)
  • Understanding the resources such as CPU, Memory and Disk
• Configuring the VM for best performance (HOL)
• Monitoring the vSphere and vCloud Infrastructure (HOL)
  • vCenter Performance Tab (HOL)
  • esxtop (HOL)
• Configuring Alarms (HOL)
• Using Resource Pools properly (HOL)
• Troubleshooting performance issues
• vSphere Logs (HOL)

 Module 3 – vSphere Native Security

• ESXi Native Controls
  • Active Directory Integration (HOL)
  • Managing the Firewall (HOL)
  • Logging
  • Lock Down Mode
  • Acceptance Level
  • Secure Boot Support
  • VMKernel Preventative Controls
  • File System Structure
  • Hardening SSH (HOL)
  • MOB
  • Authentication Proxy
• vCenter Native Controls
  • Encrypted vMotion
  • Managed Object Browser
  • NFC SSL
  • Audit Quality Logging
• VM Native Controls
  • Security out of the Box
  • Secure Boot Support
  • Advanced Settings
  • VM Encryption
  • VM Sandboxing

Module 4 – vSphere Security Risks

• Introduction to Risk
  • How virtualization differs
• Known Risks
  • ESXi Host
  • vCenter
  • vNetwork
  • vStorage
  • Others

 Module 5 – Designing for Security

• Designing the Network
  • vNetwork Native Controls
  • Recommendations for Design
• Storage Implications
  • vStorage Native Controls
  • Recommendations for Design
• Implications for Management Access

Module 6 – Hardening vSphere

• Introduction to the Hardening Guide
• Hardening the ESXi Host
  • vNetwork
  • vStorage
  • Availability
• Hardening vCenter
• Hardening Virtual Machines
  • Advanced Settings
  • Easy PowerCLI

 Module 7 – Managing Risk and Compliance  

• Overview of Compliance
• vRealize Operations Manager
• PowerCLI supporting risk management
• Free Compliance Checking Tools

 Module 8 – Third Party Mitigation Solutions  

• Catbird
• Cisco Adaptive Security Virtual Appliance
• Firefly Host – Juniper Networks Product
• HyTrust
• Sophos Endpoint Antivirus – Cloud
• Reflex VMC
• TrendMicro Deep Security
• WatchGuard

• Network+ Certification or Equivalent Knowledge
• Two Years’ Experience with Microsoft or Linux Servers
• Basic Virtualization/Cloud Knowledge
• Certified Virtualization Engineer or equivalent knowledge

• Virtualization and Cloud Administrators and Engineers
• Virtualization and Cloud Security Engineers
• System Administrators and Engineers