Sample Advanced VMware Security Course Outline

Chapter 1
Course Introduction and Methodology (HOL)

Chapter 2
Design for Security

• Virtualization and The Cloud
• Design - Functional Administration Requirements
• Management Connections and Interfaces
• Design - Functional vSphere Feature Requirements
• vMotion
• High Availability
• Distributed Resource Scheduler
• Design Security Implications
• Security or Functionality
• Isolation, Isolation, Isolation
• Corporate Network
• Management Network
• DMZ
• Highly Classified Environments
• Design Examples

Chapter 3
Penetration Testing 101

• What is a Penetration Test?
• What does a Hack Cost You?
• Penetration Testing Methodologies
• Information Gathering
• Scanning
• Enumeration
• Tools of the Trade
• Website Review – How to stay up to date!
• Hashing, Encryption and Certificates.
• Different Types of Exploits!
• Where do we start with vSphere?

Chapter 4
Security Architecture, vCPU, vMemory

• ESXi File Structure
• Log Files (HOL)
• ESXi and vCenter
• Security Architecture
• Virtual Machine Monitor
• Security Roles and Permissions (HOL)
• VMsafe
• vCPU (HOL)
• Buffer Overflow Protection
• vCPU Availability
• vMemory
• Transparent Page File Sharing
• Balloon Driver
• Swap File
• Compression
• Hyperspacing

Chapter 5
Routing and the vNetwork

• Networking Components
• vSwitch
• vNIC
• Port Groups
• Uplinks
• Physical Switch Configuration (HOL)
• NIC Teaming (HOL)
• Load Balancing
• Failover
• Security Features
• VLAN’s (HOL)
• vDS
• Private VLAN
• Network I/O Control
• Cisco Nexus 1000v
• Network Routing (HOL)

Chapter 6
vStorage – Architecture and Security Implementations

• Virtualized Storage (HOL)
• Pluggable Storage Architecture
• Storage Control
• vSphere API for Array Integration
• Fiber Channel
• LUN Masking
• SAN Zoning
• Fiber Channel Attacks
• Securing Fiber Channel
• iSCSI (HOL)
• Software vs Hardware Initiators
• iSCSI Security Featrures
• CHAP
• IPSec
• Securing iSCSI

Chapter 7
Hardening the Virtual Machines

• Harden the Server
• Unnecessary Functions
• Using Templates (HOL)
• VM Isolation (HOL)
• VM Advanced Settings (HOL)
• SetInfo Hazard
• VMCI (HOL)
• Isolation Tools (HOL)
• VMsafe Settings

Chapter 8
Hardening the Host

• Service Console Security (HOL)
• Password Integrity
• sudo
• Wheel Group
• File System Integrity
• Encrypted Communication
• DCUI – Direct Console User Interface (HOL)
• CIM – Common Information Model (HOL)
• Tech Support Mode (HOL)
• Proxy.xml
• ESXi Lockdown Mode

Chapter 9
Hardening Virtual Center

• Limiting Administrative Access (HOL)
• Limiting Network Connectivity
• Server Certificate Replacement (HOL)
• Controlling Log Files (HOL)
• Custom Rules
• Update Manager
• VMware Converter
• Managing the vCenter Clients (HOL)
• vShield (HOL)

Chapter 10
3rd Party Mitigation Tools

• Altor Networks
• Catbird’s vCompliance
• HyTrust
• Reflex Systems VMC (HOL)
• CheckPoint Virtual Appliances
• Trend Micro (HOL)
• Juniper

Chapter 11
vCloud Security

• Design
• Technology
• Threats
• Mitigation

Chapter 12
Putting it all Together

• Looking back at the key security issues for all topics covered
• Design thoughts
• Final Hands On Lab – Can you secure your environment? (HOL)

Advanced VMware Security Certification Information

Certified Virtualization Security Expert®

Candidates for this examination typically work in one of two areas; most candidates are responsible, at some level, for the security of their infrastructure in that:

• they are managing their security staff and are implementing the daily security initiatives of the virtualized and physical environment. Or
• they are working in the Virtual Infrastructure environment where they are responsible for the implementation and configuration of virtualized servers using VMware ESXi and VMware VirtualCenter.

Invariably their organizations have a pressing duty to provide a secure environment for their clients while utilizing VMware ESXi and VMware VirtualCenter.

Prerequisites
Candidates should have 6 months to a year of experience in monitoring, analyzing and planning the use of VMware ESXi in a medium-size to enterprise-size computing environment. Candidates should also have at least 6 months experience in security planning and implementation in a medium-size to enterprise-size computing environment.

Learning Process
The qualified candidate for this examination would have learned all aspects of planning, architecting, installation, configuration, deployment, analyzing, backing up, monitoring and securing a VMware Virtual Infrastructure consisting of ESXi hosts and the virtual machines created on them. Candidates would also have the unique understanding of how a hacker breaks into the VMware virtual environment. Candidates become qualified to take this certification examination by attending one of the Advanced VMware® Security classes worldwide.

Certified Virtualization Security Expert® Objective

The objective of the Certified Virtualization Security Expert (CVSE®) designation is to confer upon the certificate holder the best-of-breed virtual infrastructure security professional certification. The CVSE® conveys that the individual, who merits this certification, does not just deserve the certification through merely the examination process. More importantly, it assures in-depth knowledge related to virtual security, virtual design, maintenance, infrastructure management, expertise in the field of virtualization and that his/her training is current, relevant and complete.

Scope of the Examination

The examination aims to test candidates from the following segments as taught in the Advanced VMware Security course. There is a total of 80 questions and candidates have 2 hours to complete the test.

Certification - The Goal

Certification assures that recipients have the skills-set to perform the following tasks:

• Administer a VMware Infrastructure
• Perform a Penetration Test against a VMware Infrastructure
• Have a sound understanding of the routing performed in a vSS or vDS
  
• Understand the security designs built into a VMware infrastructure
• Properly setup the Remote DataStore
  
• Fully harden the ESXi host and entire VMware environment

Certification - The Benefits

Certification can lead to better visibility, opportunities and jobs. In today\'s increasingly complex and highly-specialized economy, credentials are everything. Granted the student knows that he/she has the skills to do the job, but nevertheless they still have to convince potential customers and employers as to their prowess. For many career-minded professionals, certification is often the answer.

For IT professionals, it is recognized as a valuable asset to prove professional credentials to employers and the general public. For others, the topic can generate a puzzled response. Why become certified? Isn't a college degree and/or years of practical hands-on experience enough to establish one's credentials? Either response of yes or no is correct, depending on your clientele and colleagues.

The Path to CVSE® Certification

• Attend an Official Advanced VMware Security Ultimate Bootcamp® Course prior to taking the test.
• Pass the proctored examination with a score of 75% or better.

Certification Price

The cost of the Certified Virtualization Security Expert® certification is $295.00. Testing is available at authorized VMTraining testing centers throughout the world. Click here to purchase a certification exam voucher.

Download the Advanced VMware Security Brochure