VMware vSphere and Virtual Infrastructure Security: Securing the Virtual Environment |  | Author: Edward L. Haletky
Publisher: Prentice Hall
Category: Book
List Price: $49.99
Buy New: $38.23
as of 7/31/2010 06:58 CDT details
You Save: $11.76 (24%)
New (30) Used (11) from $38.09
Seller: supermoviedeals
Rating:  5 reviews
Media: Paperback
Edition: 1
Pages: 552
Number Of Items: 1
Shipping Weight (lbs): 1.9
Dimensions (in): 9.1 x 6.9 x 1.2
ISBN: 0137158009
Dewey Decimal Number: 005.8
EAN: 9780137158003
Availability: Usually ships in 1-2 business days
| |
| Also Available In:
|
| Similar Items:
| |
| Editorial Reviews:
Product Description
Complete Hands-On Help for Securing VMware vSphere and Virtual Infrastructure by Edward Haletky, Author of the Best Selling Book on VMware, VMware ESX Server in the Enterprise As VMware has become increasingly ubiquitous in the enterprise, IT professionals have become increasingly concerned about securing it. Now, for the first time, leading VMware expert Edward Haletky brings together comprehensive guidance for identifying and mitigating virtualization-related security threats on all VMware platforms, including the new cloud computing platform, vSphere. This book reflects the same hands-on approach that made Haletky’s VMware ESX Server in the Enterprise so popular with working professionals. Haletky doesn’t just reveal where you might be vulnerable; he tells you exactly what to do and how to reconfigure your infrastructure to address the problem. VMware vSphere and Virtual Infrastructure Security begins by reviewing basic server vulnerabilities and explaining how security differs on VMware virtual servers and related products. Next, Haletky drills deep into the key components of a VMware installation, identifying both real and theoretical exploits, and introducing effective countermeasures.
Coverage includes
• Viewing virtualization from the attacker’s perspective, and understanding the new security problems it can introduce • Discovering which security threats the vmkernel does (and doesn’t) address • Learning how VMsafe enables third-party security tools to access the vmkernel API • Understanding the security implications of VMI, paravirtualization, and VMware Tools • Securing virtualized storage: authentication, disk encryption, virtual storage networks, isolation, and more • Protecting clustered virtual environments that use VMware High Availability, Dynamic Resource Scheduling, Fault Tolerance, vMotion, and Storage vMotion • Securing the deployment and management of virtual machines across the network • Mitigating risks associated with backup, performance management, and other day-to-day operations • Using multiple security zones and other advanced virtual network techniques • Securing Virtual Desktop Infrastructure (VDI) • Auditing virtual infrastructure, and conducting forensic investigations after a possible breach informit.com/ph www.Astroarch.com
|
| Customer Reviews:
Offers advanced network coverage for any advanced networking IT pro September 17, 2009
Midwest Book Review (Oregon, WI USA)
Edward L. Haletky's VMWARE VSPHERE AND VIRTUAL INFRASTRUCTURE SECURITY: SECURING THE VIRTUAL ENVIRONMENT is for IT professionals involved in networking and offers complete hands-on help for securing Vmware Vsphere and Virtual Infrastructure. From considering attacker perspectives and security threats to learning how to secure deployment and management of virtual machines, this offers advanced network coverage for any advanced networking IT pro.
The reference for securing virtual environments, in particular, VMware-based. October 2, 2009
Raul Siles
In the first half of this year (2009), I was involved on extending my previous research on virtualization security, and specifically, I focused on securing and hardening VMware ESX environments. This stirred up my interest on this book. To sum up what this book is all about: "I would have loved to have this book handy back by that time, as it would have saved me tons of time" Instead, I had to read and compare multiple VMware security guides from VMware, CIS, NIST, etc, and perform an extensive hands-on research on my own.
The book offers a very solid and broad analysis of multiple security issues on virtual environments, covering not only the technical aspects associated to the virtualization hosts, virtual machines, and virtual data and storage networks, but also management and operational issues, availability concerns, and other common related tasks on newly deployed, or already established, virtualization setups.
The first two chapters focus on security threats and attacks, a basic foundation required for the cross-references available throughout the book,that can be skipped by the on-the-field security readers.
The next three chapters focus on offering best practices and security recommendations for different key components of any virtualization platform, such as the hypervisor, the storage network, and virtual clusters. The next couple of chapters cover most of the security aspects that must be considered on the design, deployment and operation of a virtual environment.
Although all these chapters provide a very good quality security advice, it is not complemented with hands-on examples. I think this could be improved by adding more detailed sections describing step-by-step how to complete the security recommendations exposed, not just what need to be done. However, I understand it is required to cut the size of the book at some point. A good example of how to extend this idea can be observed on chapter 6, where the integration between VMWare ESX and a directory service is covered in depth.
However, both the technical and operational aspects are integrated smoothly, offering a great in-depth overview. Apart from that, the whole recommended list of things to consider in order to get a more secure virtualization infrastructure is summarized in a useful set of boxes called "Security Notes" and spread all throughout the book. These boxes can be easily used as a checklist when deploying or assessing the security of virtual solutions.
My favourite chapters are chapter 8, and specially 9, where virtual machine and virtual networking security is analyzed, respectively. Chapter 9 offers a whole set of networking scenarios and discusses pros and cons to the number of (physical and virtual) network cards and its configuration. A very practical and thorough work!
The book ends up with three special chapters. Chapter 10 covers the new VMware virtual desktop infrastructure (VDI) and the security issues around it. Due to all the client-based attacks nowadays, most probably it is going to be a de-facto standard pretty soon, so getting involved on the virtualization of client systems is a must. Chapter 11 provides a detailed guide to harden VMware ESX and ESXi hosts, a mandatory initial process for every new virtual deployment. Finally, chapter 12 provides a quick and interesting introduction to digital forensics (and data recovery) on virtual enviroments, mainly focused on how to deal with virtual file systems, such as VMFS, VMDKs, and raw disks. A quick recommended read for forensic analysts interested on expanding their skills to virtual victims.
There are a few things I feel will improve the book contents. Unfortunately, due to the publication deadline, its coverage of the latest VMware vSphere virtual architecture is pretty limited, as the author clarifies. Besides that, considering the frequent security updates and patches released by virtualization vendors, I would have liked to find a better coverage of best practices to update the virtual infrastructure itself. Finally, as mentioned previously, about half of the book includes detailed how-to sections describing how to apply the recommended settings, but the other half misses that how-to portion. I understand this may be a limitation to make the book size manageable (it's over 500 pages now).
This book is highly recommended for IT and security architects, involved in the design of new virtual solutions, as well as virtualization administrators and anyone in charge of the maintenance of a virtual infrastructure. From a security perspective, people evaluating, assessing, and suggesting improvements for virtual solutions should read the book in order to have a full overview of all the security threats and possible countermeasures. Overall, the book is a must read for anyone already involved, or planning to get involved, in virtualization. It really helps to acquire a very broad and extensive knowledge of the security considerations that apply to such a complex and modern IT architectures.
Guidebook to Secure Virtualization October 2, 2009
G. Cody Bunch (San Antonio, Tx)
A wise person once said that "Virtualization is not a destination, but a journey". The same has also been said about IT Security. In this masterful tome, Mr. Haletky provides us with a soundly written gide book, warning us where the pitfalls are and describing to us the choices we must make on our journey down both the security & virtualization road. Specifically, this book does what any 5 star book should, and accomplishes three things well:
1) Teaches you something new
2) Makes you think
3) Makes you open Google to learn more
It is an awesome book, and I highly recommend it to any virtualization admin, as while the products differ, the pitfalls are the same.
Excellent VMware reference September 10, 2009
Kristy M. Westphal
0 out of 1 found this review helpful
Wow, I was ready for this book. Really, really, really ready! Virtual environments are springing up everywhere and knowing just what to secure within them has been a challenge to identify. This book not only addresses VMware alone, though, it takes a look at issues with securing the entire environment that interrelates with the VMware components and walks you through securing these as well. Anyone running or considering implementing the VMware into their environment should read this book and follow its instruction.
For example, I found the chapter on storage security helpful in that you don't typically see such in-depth coverage of the various component of storage in relation to how they can be a problem with Virtual environments. The issues mentioned here not only relate to virtual security, but can also apply to storage security in general. The author is excellent at covering items that you may not normally see addressed when looking at types of attacks in the virtual world.
The book overall is organized in such a fashion that it can really stand on its own as a security tool for these environments, providing useful guidance in the first several chapters to help establish a baseline understanding of items such as security at a 10,000 foot view and the different types of attacks that can occur. At the back of the book, three appendices with additional information on security hardening scripts, Tripwire recommended configuration and additional links with suggested reading should you want to dive into related topics more deeply.
Other useful features of the book include the occasional `tip', either on implementing your virtual environment or specific security tips are sprinkled throughout the book. Furthermore, there are many useful diagrams that help support the explanation of the complex concepts. On a scale of 1-5, I would most certainly give this book a 5.
 detailed description of vSphere July 11, 2009
W Boudville (Terra, Sol 3)
3 out of 13 found this review helpful
When reading this, keep in mind that this does not describe all types of Virtual Memory machines. It talks in detail about the dominant market player, VMware, but alternatives do exist.
The book is directed at a system administrator responsible for installing and running instances of VMware vSphere. There is an emphasis here on protecting your [virtual] machines from attackers. One tip is to isolate storage devices from all other networks. In practice this amounts to making sure that someone on the Internet cannot directly access them.
NFS is mentioned. Easy to set up, but of all the storage types, it is the least safe. It uses plain text messages in its protocol, and its authorisation steps use the IP address, which is easily spoofed. The book suggests putting NFS machines on their own set of switches, to isolate from other traffic. Or, better yet, run NFS over SSH as a stronger alternative. By the way, these aspects of NFS are not restricted to VM usage. Conventional operating systems using NFS can run into the same problems.
VMotion is nifty. It lets you move a VM from one node [physical machine] to another without rebooting that VM. Which greatly improves flexibility in management. This is analogous to the use of logical storage that hides details of physical storage. But far trickier to implement.
Longstanding good practises are mentioned that are not just for virtual machines. Like never logging in directly as root. Instead, login as a regular user and then su to root, so that the logfile can record the user.
VMFS does have a limitation of 32k of [number of] files. This is one pitfall if you extensively stuff data into a VM.
The most interesting comment in the book was how it is not possible to prevent a user from knowing that she is running in a VM. This appears to be a fundamental constraint of VMware. Granted, there are all sorts of hardware related issues that might have made this convenient. But maybe other virtual memory implementations are able to conceal this from the user to a greater extent?
|
|
|
|
