Tag: Security

Security Links

General

Security Design of the Vmware Infrastructure 3 Architecture
VMware Infrastructure 3 Security Hardening
VMware ESX Server – Providing LUN Security
Security in a Virtualized Environment (VMworld 2007)
Security Architecture Design and Hardening VI3 (VMworld 2007)
VMware’s Security Response Policy
ESX Security White Paper
VI3 Security Risk Assessment Template
Virtualization Security Playbook
Being escorted out of the cave
Security Implications of the Virtual Data Center
Virtualization and Enterprise Configuration Policy Compliance (VMworld 2007)
Using the Secure Technical Implementation Guide (STIG) with VI3 (VMworld 2007)
Proven Practice: 20 Questions from IT Security Professionals
Top 100 Virtualization Security Questions
CPNI Technical Note 1/2009 Security Considerations For Server Virtualization
Virtualization: Disruptive Technologies Video Interview: Part 1 Part 2 Part 3 Part 4
The Four Horsemen of the Virtualization Security Apocalypse
The Four Horsemen of the Virtualization Security Apocalypse (Slides)

ESX Host

CIS ESX Server 3.x Security Benchmark
How to secure your VMware ESX Server
Security Hardening and Monitoring of VMware Infrastructure 3 (VMworld 2007)
ESX Server Security Technical Implentation Guide
Anti-virus software on the VMware ESX Service Console?

Compliance

Surviving Regulatory Compliance in the Virtual Infrastructure (VMworld 2006)
PCI Knowledgebase
How Server Virtualization Impacts Data Security and PCI Compliance
PCI DSS Security Standard
How to Achieve Security and Satisfy Compliance (VMworld 2007)
Best Practices for Surviving Regulatory Compliance (VMworld 2007)
Achieving Compliance in a Virtualized Environment
Ten Steps to Continuous Compliance: Putting in Place an Enterprise-Wide Compliance Strategy
Reducing the Scope of Your PCI Audit: Innovative Network Segmentation Using Host Intrusion Defense
Staying PCI Compliant in Virtual and Physical Environments
Insights from an Auditor: Ensuring a Successful PCI Audit
VMware Compliance Center
How Virtualization affects PCI DSS – Part 1 Mapping PCI Requirements and Virtualization
How Virtualization affects PCI DSS – Part 2 A Review of the Top 5 Issues

DMZ

DMZ Virtualization with VMware Infrastructure
Proven Practice: Choosing a DMZ Strategy
Preventing VMware ESX or ESXi network security breaches in DMZs

Hacking

Subverting the Windows Kernel for Fun and Profit
On the Cutting Edge: Thwarting Virtual Machine Detection
Detecting the Presence of Virtual Machines Using the Local Data Table
Attacks on Virtual Machine Emulators
Analysis of the Intel Pentium’s Ability to Support a Secure Virtual Machine Monitor
Compatibility is Not Transparency: VMM Detection Myths and Realities
An Empirical Study into the Security Exposure to Hosts of Hostile Virtualized Environments
Hardware Virtualization Rootkits

Networking

Virtual Switch Security
802.1Q VLAN Security Report
Epiphany: For Network/InfoSec Folks, the Virtualization Security Awareness Problem All Starts With the vSwitch…
Oh Noes: We Can’t Monitor/Protect Against Intra-VM Traffic!
Keeping your Vmotion Traffic Secure
Minimizing promiscuous mode port group security breaches
Avoid high-risk data commingling with VMware virtual networks to prevent security vulnerabilities

Virtual Machine

CIS Virtual Machine Security Benchmark
Improving VM Security: Best Practices
Hardening the VMX File
Hardening the VMX File: Redux

Share This:

Top 10 things you must read about VMware Security

  1. VMware Infrastructure 3 Security Hardening – A white paper from VMware with tips on securing ESX servers, VirtualCenter and Virtual Machines.
  2. Security Design of the VMware Infrastructure 3 Architecture – A white paper from VMware describing the security architecture of VI3 including networking, storage, service console and the hypervisor.
  3. Security Hardening and Monitoring of VMware Infrastructure 3 – A VMworld 2007 lab manual that covers real-world examples of securing VI3.
  4. VMware ESX Server – Providing LUN Security – A white paper from VMware written in response to LUN security concerns that have been raised.
  5. CIS ESX Server 3.x Security Benchmark – Center for Internet Security (CIS) recommended guidelines for securing ESX servers.
  6. CIS Virtual Machine Security Benchmark – Center for Internet Security (CIS) recommended guidelines for securing Virtual Machines.
  7. Security Architecture Design and Hardening VI3 (VMworld 2007) – A VMworld 2007 presentation on the security design of VI3 and recommended hardening steps.
  8. VI3 Security Risk Assessment Template – A great document from Xtravirt to help assess and mitigate security risks with VI3.
  9. Security in a Virtualized Environment (VMworld 2007) – A VMworld 2007 presentation comparing physical to virtual security.
  10. Virtualization Security Playbook – A compilation of 8 good virtual security articles.
Share This: