Für diesen Artikel ist leider kein Bild verfügbar.

Virtualization Security Audit and Assessment

Buch | Hardcover
288 Seiten
2014
Taylor & Francis Inc (Verlag)
978-1-4398-5180-7 (ISBN)
65,95 inkl. MwSt
  • Titel ist leider vergriffen;
    keine Neuauflage
  • Artikel merken
A complete overview of how virtualization impacts an organization’s compliance program, this text begins with a history of the technology, how it has become more efficient, and how it has been used to improve infrastructure agility. The book provides a background of the implementation of server virtualization; the risks associated with that implementation; control or security techniques to mitigate those risks; and approaches, tools, and techniques to assure that those controls and security tools are working as intended. Topics covered include: virtualization overview; compliance and risk; application and storage virtualization; and virtualization management infrastructure.

BACKGROUND: Introductions, Logistics, Attendee's Learning Objectives. Virtualization Resources, Course CD, have a copy of the audit program available. Virtualization Background, History. Virtualization Benefits. Virtualization as a Control or Security Enhancer. Virtualization Approaches, Vendors, Definitions. Current Developments. General Risks. Applying Virtualization in IS Audit, and in IS Audit Education. Lab Configuration. VMworld, VMware Security Lab, VCP. OVERALL RISKS AND STANDARDS: 10 Key Risks. Gartner Risk Research Results. Other Risk Perspectives, article, blogs, vendors. Standards - Center for Internet Security (3.0 2007, 3.5 in 2009). Standards - VMware Whitepapers (3.52008). Standards - DISA SnG (final 2008). Vulnerabilities - VMSA's and CVE's. Hardware Risks. ESX 3.5 UPDATE 4 = CONTROLS AND SECURITY TECHNIQUES, NETWORK CONFIGURATION & LOGICAL USER ACCESS DEFAULT SETTING "HIGH" (2.X AND 3.X). 20. Remote Connections (throught vCenter, client direct, web direct). Network Configurations and Commands. Ports, SNMP, VLANs, Other. Forwards and Redirects. Iptables Firewall (3.x , not in 2.x). COS Root & VC Administrator controls. Virtual Center Roles & Users. Password Configuration. CONFIGURATION AND OTHER RISKS AND CONTROLS: Patches (VMware not RHEL), VMware Update Manager. Storage Options & Considerations (redundancy, access). Resource Allocation & DOS. Command Line Tools. Logging and Monitoring. Data Discovery. Other. ESX AUDIT/ASSESSMENT APPROACHES AND TOOLS: ESX Audit Program. ESX Policy. Specific Metric Comparison and Enumeration Approaches. Nontechnical Tools and Scope Topics. Tools - Free (or nearly free). Tools Vendor Solutions. Center for Internet Security CIS-CAT 2.1.1. OTHER AUDIT/ ASSESSMENT PROCEDURES: Logging. Patching (VMware Update Manager). Security products and placement. Storage considerations. Build your own tools - VI SDKJAPI (Perl). ESXCFG-INFO
Other Tools -Veeam, vCommander, SearchMyVM, miscellaneous. THE REQUIRED AND ALWAYS ENTERTAINING "MISC": vSphere (aka ESX 4) Differences and New Features. PCIIDSS Considerations. Other - Storage, Backup and continuity topics, ESX 3i. ESX Versions Before 3.5.

Erscheint lt. Verlag 5.2.2014
Verlagsort Washington
Sprache englisch
Maße 156 x 234 mm
Themenwelt Informatik Betriebssysteme / Server Virtualisierung
Informatik Netzwerke Sicherheit / Firewall
Technik
ISBN-10 1-4398-5180-8 / 1439851808
ISBN-13 978-1-4398-5180-7 / 9781439851807
Zustand Neuware
Haben Sie eine Frage zum Produkt?
Mehr entdecken
aus dem Bereich
Deployment, Testen und Debugging von Containern in …

von Karl Matthias; Sean P. Kane

Buch | Softcover (2020)
MITP (Verlag)
10,00
Das umfassende Handbuch zur Virtualisierung mit vSphere 7

von Bertram Wöhrmann; Dennis Zimmer; Jan Große …

Buch | Hardcover (2020)
Rheinwerk (Verlag)
89,90