VMware vSphere and Virtual Infrastructure Security: Securing the Virtual Environment [Paperback]

Edward Haletky (Author)

Book Description

ISBN-10: 0137158009 | ISBN-13: 978-0137158003 | Publication Date: July 2, 2009 | Edition: 1

Complete Hands-On Help for Securing VMware vSphere and Virtual Infrastructure by Edward Haletky, Author of the Best Selling Book on VMware, VMware ESX Server in the Enterprise

 

As VMware has become increasingly ubiquitous in the enterprise, IT professionals have become increasingly concerned about securing it. Now, for the first time, leading VMware expert Edward Haletky brings together comprehensive guidance for identifying and mitigating virtualization-related security threats on all VMware platforms, including the new cloud computing platform, vSphere.

 

This book reflects the same hands-on approach that made Haletky’s VMware ESX Server in the Enterprise so popular with working professionals. Haletky doesn’t just reveal where you might be vulnerable; he tells you exactly what to do and how to reconfigure your infrastructure to address the problem.

 

VMware vSphere and Virtual Infrastructure Security begins by reviewing basic server vulnerabilities and explaining how security differs on VMware virtual servers and related products. Next, Haletky drills deep into the key components of a VMware installation, identifying both real and theoretical exploits, and introducing effective countermeasures.

Coverage includes

•    Viewing virtualization from the attacker’s perspective, and understanding the new security problems it can introduce

•    Discovering which security threats the vmkernel does (and doesn’t) address

•    Learning how VMsafe enables third-party security tools to access the vmkernel API

•    Understanding the security implications of VMI, paravirtualization, and VMware Tools

•    Securing virtualized storage: authentication, disk encryption, virtual storage networks, isolation, and more

•    Protecting clustered virtual environments that use VMware High Availability, Dynamic Resource Scheduling, Fault Tolerance, vMotion, and Storage vMotion

•    Securing the deployment and management of virtual machines across the network

•    Mitigating risks associated with backup, performance management, and other day-to-day operations

•    Using multiple security zones and other advanced virtual network techniques

•    Securing Virtual Desktop Infrastructure (VDI)

•    Auditing virtual infrastructure, and conducting forensic investigations after a possible breach

 

 

informit.com/ph      www.Astroarch.com

Editorial Reviews

Review

Praise Page for VMware vSphere and Virtual Infrastructure Security

“I’ve known Edward for a while and he is very passionate about security and virtualization and this book represents his passion for both subjects. Security is one area that is often not paid enough attention to and in a virtual environment it is absolutely critical as many different security threats exist compared to physical environments. Ed’s latest book covers every area of virtualization security and is a must read for anyone who has virtualized their environment so they can understand the many threats that exist and how to protect themselves from them.”

 

–Eric Siebert, author of VMware® V13 Implementation and Administration, blogger for Tech Target, and owner of http://vsphere-land.com and vExpert 2009

 

“This book is a comprehensive, in-depth review of security in virtualized environments using VMware Infrastructure and VMware vSphere. Edward reinforces the need to include security in every area of your virtualized environment as he thoroughly discusses the security implications present in your server hardware, storage, networking, virtual machines, and guest operating systems. Even without the focus on security, Edward’s book is a valuable reference work for the useful tidbits of knowledge he’s gathered during his career. Highly recommended!”

 

–Scott Lowe, virtualization blogger, author, and VMware vExpert

About the Author

Edward L. Haletky is the author of the well-received book VMware ESX Server in the Enterprise: Planning and Securing Virtualization Servers. A virtualization expert, Edward has been involved in virtualization host security discussions, planning, and architecture since VMware ESX version 1.5.x. Edward owns AstroArch Consulting, Inc., providing virtualization, security, network consulting, and development. Edward is a 2009 VMware vExpert, Guru, and moderator for the VMware Communities Forums, providing answers to security and configuration questions. Edward moderates the Virtualization Security Roundtable Podcast held every two weeks where virtualization security is discussed in depth. Edward is DABCC’s Virtualization Security Analyst.

 

Edward is the virtualization Security Analyst at www.virtualizationpractice.com

  

Tim Pierson has been a technical trainer for the past 23 years and is an industry leader in both security and virtualization. He has been the noted speaker at many industry events, including Novell’s Brainshare, Innotech, GISSA, and many military venues, including the Pentagon and numerous facilities addressing security both in the United States and Europe. He is a contributor to Secure Coding best practices and coauthor of Global Knowledge Windows 2000 Boot Camp courseware.

 

 

Tom Howarth is DABCC’s Data Center Virtualization Analyst. Tom is a moderator of the VMware Communities Forums. Tom owns TCA Consulting and PlanetVM.Net. He regularly designs large virtualization projects for enterprises in the U.K. and elsewhere in EMEA. Tom received the VMware vExpert 2009 award.

 

Product Details

• Paperback: 552 pages
• Publisher: Prentice Hall; 1 edition (July 2, 2009)
• Language: English
• ISBN-10: 0137158009
• ISBN-13: 978-0137158003
• Product Dimensions: 9.1 x 6.9 x 1.2 inches
• Shipping Weight: 2 pounds (View shipping rates and policies)
• Average Customer Review: 4.8 out of 5 stars  See all reviews (6 customer reviews)
• Amazon Best Sellers Rank: #273,429 in Books (See Top 100 in Books)

More About the Author

Edward L. Haletky is the author of VMware vSphere(TM) and Virtual Infrastructure Security: Securing the Virtual Environment as well as VMware ESX and ESXi in the Enterprise: Planning Deployment of Virtualization Servers, 2nd Edition. Edward owns AstroArch Consulting, Inc., providing virtualization, security, network consulting and development and The Virtualization Practice where he is also an Analyst. Edward is the Moderator and Host of the Virtualization Security Podcast as well as a guru and moderator for the VMware Communities Forums, providing answers to security and configuration questions. Edward is working on new books on Virtualization.

Customer Reviews

Most Helpful Customer Reviews

1 of 1 people found the following review helpful:

5.0 out of 5 stars The reference for securing virtual environments, in particular, VMware-based., October 2, 2009

By 

Raul Siles "www.raulsiles.com" - See all my reviews
(REAL NAME)   

This review is from: VMware vSphere and Virtual Infrastructure Security: Securing the Virtual Environment (Paperback)

In the first half of this year (2009), I was involved on extending my previous research on virtualization security, and specifically, I focused on securing and hardening VMware ESX environments. This stirred up my interest on this book. To sum up what this book is all about: "I would have loved to have this book handy back by that time, as it would have saved me tons of time" Instead, I had to read and compare multiple VMware security guides from VMware, CIS, NIST, etc, and perform an extensive hands-on research on my own.

The book offers a very solid and broad analysis of multiple security issues on virtual environments, covering not only the technical aspects associated to the virtualization hosts, virtual machines, and virtual data and storage networks, but also management and operational issues, availability concerns, and other common related tasks on newly deployed, or already established, virtualization setups.

The first two chapters focus on security threats and attacks, a basic foundation required for the cross-references available throughout the book,that can be skipped by the on-the-field security readers.

The next three chapters focus on offering best practices and security recommendations for different key components of any virtualization platform, such as the hypervisor, the storage network, and virtual clusters. The next couple of chapters cover most of the security aspects that must be considered on the design, deployment and operation of a virtual environment.

Although all these chapters provide a very good quality security advice, it is not complemented with hands-on examples. I think this could be improved by adding more detailed sections describing step-by-step how to complete the security recommendations exposed, not just what need to be done. However, I understand it is required to cut the size of the book at some point. A good example of how to extend this idea can be observed on chapter 6, where the integration between VMWare ESX and a directory service is covered in depth.

However, both the technical and operational aspects are integrated smoothly, offering a great in-depth overview. Apart from that, the whole recommended list of things to consider in order to get a more secure virtualization infrastructure is summarized in a useful set of boxes called "Security Notes" and spread all throughout the book. These boxes can be easily used as a checklist when deploying or assessing the security of virtual solutions.

My favourite chapters are chapter 8, and specially 9, where virtual machine and virtual networking security is analyzed, respectively. Chapter 9 offers a whole set of networking scenarios and discusses pros and cons to the number of (physical and virtual) network cards and its configuration. A very practical and thorough work!

The book ends up with three special chapters. Chapter 10 covers the new VMware virtual desktop infrastructure (VDI) and the security issues around it. Due to all the client-based attacks nowadays, most probably it is going to be a de-facto standard pretty soon, so getting involved on the virtualization of client systems is a must. Chapter 11 provides a detailed guide to harden VMware ESX and ESXi hosts, a mandatory initial process for every new virtual deployment. Finally, chapter 12 provides a quick and interesting introduction to digital forensics (and data recovery) on virtual enviroments, mainly focused on how to deal with virtual file systems, such as VMFS, VMDKs, and raw disks. A quick recommended read for forensic analysts interested on expanding their skills to virtual victims.

There are a few things I feel will improve the book contents. Unfortunately, due to the publication deadline, its coverage of the latest VMware vSphere virtual architecture is pretty limited, as the author clarifies. Besides that, considering the frequent security updates and patches released by virtualization vendors, I would have liked to find a better coverage of best practices to update the virtual infrastructure itself. Finally, as mentioned previously, about half of the book includes detailed how-to sections describing how to apply the recommended settings, but the other half misses that how-to portion. I understand this may be a limitation to make the book size manageable (it's over 500 pages now).

This book is highly recommended for IT and security architects, involved in the design of new virtual solutions, as well as virtualization administrators and anyone in charge of the maintenance of a virtual infrastructure. From a security perspective, people evaluating, assessing, and suggesting improvements for virtual solutions should read the book in order to have a full overview of all the security threats and possible countermeasures. Overall, the book is a must read for anyone already involved, or planning to get involved, in virtualization. It really helps to acquire a very broad and extensive knowledge of the security considerations that apply to such a complex and modern IT architectures.

5.0 out of 5 stars VMware vSphere and Virtual Infrastructure Security: Securing the Virtual Environment, September 20, 2010

By 

CJ (Denver, CO) - See all my reviews

Amazon Verified Purchase

This review is from: VMware vSphere and Virtual Infrastructure Security: Securing the Virtual Environment (Paperback)

I'm in security engineering and we are moving toward this technology. This is a great presentation of the issues. Solid reputation and referred to me by several of the engineers on the project.

5.0 out of 5 stars Guidebook to Secure Virtualization, October 2, 2009

By 

G. Cody Bunch (San Antonio, Tx) - See all my reviews
(REAL NAME)   

This review is from: VMware vSphere and Virtual Infrastructure Security: Securing the Virtual Environment (Paperback)

A wise person once said that "Virtualization is not a destination, but a journey". The same has also been said about IT Security. In this masterful tome, Mr. Haletky provides us with a soundly written gide book, warning us where the pitfalls are and describing to us the choices we must make on our journey down both the security & virtualization road. Specifically, this book does what any 5 star book should, and accomplishes three things well:

1) Teaches you something new
2) Makes you think
3) Makes you open Google to learn more

It is an awesome book, and I highly recommend it to any virtualization admin, as while the products differ, the pitfalls are the same.