ebook img

VMware vSphere and virtual infrastructure security securing the virtual environment. - Description based on print version record PDF

553 Pages·2009·9.836 MB·English
Save to my drive
Quick download
Download
Most books are stored in the elastic cloud where traffic is expensive. For this reason, we have a limit on daily download.

Preview VMware vSphere and virtual infrastructure security securing the virtual environment. - Description based on print version record

Praise Page for VMware vSphere™ and Virtual Infrastructure Security “I’ve known Edward for a while and he is very passionate about security and virtualiza- tion and this book represents his passion for both subjects. Security is one area that is often not paid enough attention to and in a virtual environment it is absolutely critical as many different security threats exist compared to physical environments. Ed’s latest book covers every area of virtualization security and is a must read for anyone who has virtual- ized their environment so they can understand the many threats that exist and how to protect themselves from them.” —Eric Siebert, author of VMware® V13 Implementation and Administration, blogger for Tech Target, and owner of http://vsphere-land.com and vExpert 2009 “This book is a comprehensive, in-depth review of security in virtualized environments using VMware Infrastructure and VMware vSphere. Edward reinforces the need to include security in every area of your virtualized environment as he thoroughly discusses the security implications present in your server hardware, storage, networking, virtual machines, and guest operating systems. Even without the focus on security, Edward’s book is a valuable reference work for the useful tidbits of knowledge he’s gathered during his career. Highly recommended!” —Scott Lowe, virtualization blogger, author, and VMware vExpert This page intentionally left blank V M W A R E V S P H E R E ™ A N D V I R T U A L I N F R A S T R U C T U R E S E C U R I T Y This page intentionally left blank V M W A R E V S P H E R E ™ A N D V I R T U A L I N F R A S T R U C T U R E S E C U R I T Y SECURING THE VIRTUAL ENVIRONMENT EDWARD L. HALETKY Upper Saddle River, NJ • Boston • Indianapolis • San Francisco New York • Toronto • Montreal • London • Munich • Paris • Madrid Cape Town • Sydney • Tokyo • Singapore • Mexico City Many of the designations used by manufacturers and sellers to distinguish their products are claimed as trademarks. Where those designations appear in this book, and the Editor-in-Chief publisher was aware of a trademark claim, the designations have been printed with initial Karen Gettman capital letters or in all capitals. Acquisitions Editor The author and publisher have taken care in the preparation of this book, but make no Jessica Goldstein expressed or implied warranty of any kind and assume no responsibility for errors or Senior Development omissions. No liability is assumed for incidental or consequential damages in connection Editor with or arising out of the use of the information or programs contained herein. Chris Zahn The publisher offers excellent discounts on this book when ordered in quantity for bulk Managing Editor purchases or special sales, which may include electronic versions and/or custom covers Kristy Hart and content particular to your business, training goals, marketing focus, and branding Project Editor interests. For more information, please contact: Andy Beaster U.S. Corporate and Government Sales Copy Editor (800) 382-3419 Barbara Hacha [email protected] Indexer For sales outside the United States please contact: Erika Millen International Sales Proofreader [email protected] Linda Seifert Visit us on the Web: informit.com/ph Publishing Coordinator Romny French Library of Congress Cataloging-in-Publication Data Cover Designer Haletky, Edward. Chuti Prasertsith VMware vSphere and virtual infrastructure security : securing the virtual environment / Edward L. Haletky. Compositor p. cm. Nonie Ratcliff Includes index. ISBN 978-0-13-715800-3 (pbk. : alk. paper) 1. Virtual computer systems—Security measures. 2. Cloud computing—Security measures. 3. VMware vSphere. 4. Computer security. I. Title. QA76.9.V5H36 2009 005.8—dc22 2009018924 Copyright © 2009 Pearson Education, Inc. All rights reserved. Printed in the United States of America. This publication is protected by copyright, and permission must be obtained from the publisher prior to any prohibited reproduction, storage in a retrieval system, or transmission in any form or by any means, electronic, mechanical, photocopying, recording, or likewise. For information regarding permissions, write to: Pearson Education, Inc Rights and Contracts Department 501 Boylston Street, Suite 900 Boston, MA 02116 Fax (617) 671 3447 This material may be distributed only subject to the terms and conditions set forth in the Open Publication License, v1.0 or later (the latest version is presently available at http://www.opencontent.org/openpub/). ISBN-13: 978-0-137-15800-3 ISBN-10: 0-137-15800-9 Text printed in the United States on recycled paper at R.R. Donnelley in Crawfordsville, Indiana. First printing June 2009 To my teachers and professors: E. C. Sanborn, D. Holland, W.A. Gustafson, K.C. Howell, M.H. Williams, and E. Bailey (1929–2000). As well as all the others who taught me how to think. This page intentionally left blank Table of Contents 1 WHAT IS A SECURITY THREAT? 1 Heap Overflows 31 Web-Based Attacks 33 The 10,000 Foot View without Layer 2 Attacks 41 Virtualization 2 Layer 3 Nonrouter Attacks 46 The 10,000 Foot View with DNS Attacks 47 Virtualization 4 Layer 3 Routing Attacks 49 Applying Virtualization Man in the Middle Attack Security 5 (MiTM) 51 Definitions 10 Conclusion 57 Threat 11 3 UNDERSTANDING VMWARE Vulnerability 11 VSPHERE™ AND VIRTUAL Fault 11 INFRASTRUCTURE SECURITY 59 The Beginning of the Journey 12 Hypervisor Models 59 2 HOLISTIC VIEW FROM THE Hypervisor Security 60 BOTTOM UP 15 Secure the Hardware 61 Attack Goals 16 Secure the Management Anatomy of an Attack 17 Appliance 62 Footprinting Stage 17 Secure the Hypervisor 63 Scanning Stage 17 Secure the Management Enumeration Stage 19 Interfaces 81 Penetration Stage 21 Secure the Virtual Machine 89 Types of Attacks 23 Conclusion 89 Buffer Overflows 23 ix

See more

The list of books you might like

Most books are stored in the elastic cloud where traffic is expensive. For this reason, we have a limit on daily download.