Certified Virtualization Security Expert, Part 5 of 6: Hardening the Server

This course is about the hardening techniques of the ESX server. It will cover best practices, isolation, and how templates can be used effectively. It will also cover VM segmentation, limiting data flow, the set info hazard, directory services control access and maintaining logs. This course contains the following lessons:

Lesson 1:

• Virtual Machines
• Disable Unnecessary or Superfluous Functions
• Templates
• Prevent VMs from Taking Over Resources
• Isolate VM Networks
• Example Network Architecture
• ARP Cache Poisoning
• Virtual Machine Segmentation
• Disable Copy and Paste Operations
• Limit Data Flow
• Limit Data Flow Continued
• Set Info Hazard
• Set Info Hazard Continued
• Non-Persistent Disks
• Persistent Disks
• Ensure Unauthorized Devices are Not Connected
• Avoid DoS caused by Virtual Disk Modification.

Lesson 2:

• Verify File Permissions
• Demo: Graph
• Demo: Virtual System Center
• Demo: Assign Permissions
• Demo: Permissions Continued
• Demo: User Permissions
• Demo: XP-Attacker
• Configuring ESX and ESXi.

Lesson 3:

• Configuring the Service Console in ESX
• Demo: Set up ESX Access
• Demo: Checking Access
• Demo: Users and Groups
• Demo: esxadmins
• Configure the Firewall for Maximum Security
• Demo: Firewall Services
• Demo: Reading Firewall Information
• Demo: Turn off Unnecessary Ports
• Limiting Running Services.

Lesson 4:

• Limit What's Running in the Service Console
• Processes Running in SC
• The vSphere Client
• Use a Directory Service for Authentication
• Demo: Active Directory Integration
• Demo: Enable the Domain
• Demo: Authentication
• Demo: No Password Account
• Root.

Lesson 5:

• Strictly Control Root Privileges
• Control Access to Privileged Capabilities
• Demo: Hardening ESX
• Demo: sshd-config
• Demo: Special User Permissions
• Demo: User vs. Group Permissions
• Demo: Successful Login.

Lesson 6:

• Demo: Banner
• Demo: Other Commands
• Demo: Implementing sudo
• Demo: Changes for sudo
• Demo: sudoers File
• Demo: Sudo Changes
• Demo: Run Commands as Another User
• Demo: Running Commands Continued
• Password Aging and Complexity.

Lesson 7:

• ESX/Linux User Authentication
• Configuring ESX Authentication
• ESX Authentication Settings
• Reusing Passwords
• Configuring Password Complexity
• Managing ESX
• Maintain Proper Logging
• Best Practices for Logging
• ESX Log Files
• Establish and Maintain File System Integrity
• SNMP
• Protect Against the Root File System Filling Up
• Disable Automatic Mounting of USB Devices
• Isolation
• VLAN1
• Encryption Issues
• Do Not Use Promiscuous Mode on Network Interfaces
• Protect Against MAC Address Spoofing
• Protect Against Network Attacks.

Lesson 8:

• Differences: VMware ESX and ESXi
• Configure Host-Level Management
• Strictly Control Root Privileges
• Control Access to Privileged Capabilities
• Control Access to Privileged Capabilities Cont.
• Privilege Levels
• DCUI
• DCUI Continued
• Maintain Proper Logging
• Establish and Maintain ConfigFile Integrity
• Secure the SNMP Connection
• Ensure Secure Access to CIM
• Audit or Disable Technical Support Mode.