Technology Conference Listing
Featured: Women in STEM Conference and Award, San Francisco, Sept 10-12, 2017
Featured: PrecisionAg Vision Conference, Phoenix, Oct 10-12, 2017
Featured: SPTechCon, SharePoint Technology Conference, Washington, DC, Nov 12-15, 2017
San Francisco Professional Events List
Securing and Auditing Virtualized Environments - ASN304
Date
Link to Website
Organizer
Venue
Location
"Excellent program. Best training I have had in a while."
-IT Audit Manager, TCF Bank
In this five-day seminar, we will focus on ESX and Hyper-V security. You will start with virtualization basics, hardware virtualization considerations, and different versions of ESX. We will examine best practices for securing ESX servers, access to the management console, ESX logging and other configuration issues to ensure ESX virtual server hosts are secure and stable. We will then review Hyper-V and best practices for securing a Hyper-V environment. Finally, we will tie all of these concepts together with a formulation of a suggested audit program of ESX/Hyper-V and the virtual server environment. Case studies using a combination of live demonstrations and exercises will reinforce important virtualization concepts and associated audit points addressed in real audit projects.
Prerequisites: A working knowledge of operating system security, networking concepts, and associated logical access controls, Network Security Essentials (ASG203), Intermediate Audit School (ITG241), or equivalent experience.
Advance Preparation: None
Learning Level: Intermediate
Delivery Method: Group-Live
Field: Auditing
Overview
"Excellent program. Best training I have had in a while."
- IT Audit Manager, TCF Bank
In this five-day seminar, you will focus on ESX and Hyper-V security. You will start with virtualization basics, hardware virtualization considerations and different versions of ESX. We will examine best practices for securing ESX servers, access to the management console, ESX logging and other configuration issues to ensure ESX virtual server hosts are secure and stable. You will review Hyper-V and best practices for securing a Hyper-V environment. Finally, you will tie all of these concepts together with a formulation of a suggested audit program of ESX/Hyper-V and the virtual server environment. Case studies using a combination of live demonstrations and exercises will reinforce important virtualization concepts and associated audit points addressed in real audit projects.
Prerequisites: A working knowledge of operating system security, networking concepts, and associated logical access controls, Network Security Essentials (ASG203), Intermediate Audit School (ITG241) or equivalent experience
Advance Preparation: None
Learning Level: Intermediate
Field: Auditing
Delivery Method: Group-Live
Who Should Attend
Information Security Managers, Analysts, and Administrators; IT Managers, Architects, and Developers/Integrators; IT Auditors; Network and System Administrators; Security Architects and Engineers; Application Certification/Quality Assurance Specialists; Consultants; Compliance Officers; Project Managers
CPEs: 40
INSTRUCTOR: Alan Sugano
LEVEL: Intermediate
Tuition: $2,895
Agenda
1. Virtualization Basics
- define virtualization
- advantages and disadvantages of virtualization
- hardware considerations
- high availability
- back-up strategies
- ESX and Hyper-V
- integrating virtualization and disaster recovery
- potential hypervisor attacks
2. ESX Basics
- ESX versions
- ESX 4.x and 5.x
- managing ESX hosts
- ESX host security
- patching ESX hosts
3. Hyper-V Basics
- Windows Server 2012 vs. Windows Server 2012 Server Core
- Installing Hyper-V on Windows Server 2012 vs. Server Core 2012
- System Center Virtual Machine Manager, Server Core and Hyper-V
- Windows Server 2012 and Hyper-V 2012
- best practices for securing Hyper-V hosts
4. Developing an Audit Program for ESX/Hyper-V
- hardware parameters
- proper UPS configuration for hosts and guests
- best practices for console access
- log file configuration and review
- firewall configuration
- SNMP configuration
- Scanning for servers for security holes/viruses/root kits
- back-up strategy
- patch management
- VMotion/DRS security
- virtual guest configuration
- virtual server guest base images