= Guaranteed to Run!
|Des Moines, IA
|San Diego, CA
|San Francisco, CA
|Des Moines, IA
|Los Angeles, CA
|Des Moines, IA
Advanced VMware Security Course Information
Course Length: 5 Days
The Advanced VMware Security course provides a solid understanding of the various components that make up the vSphere environment. Students have the opportunity to study and understand all aspects of the CIA triad as it pertains to the vSphere infrastructure from the virtual CPU to the storage devices attached to your host and everything in and around that network, including the interconnectivity and design of all those components. Students walk away with a solid understanding of how the adversary infiltrates the virtual environment and, most importantly, how to secure that environment. The course also includes the virtual components that VMware has developed in the vSphere product line, including the vCPU, vMemory, vNetwork, vStorage, ESXi host, virtual center, update manager and many other plug-ins, appliances and third-party mitigation tools.
This course prepares students for the Certified Virtualization Security Expert exam and certification. This is a unique one-of-a-kind certification that is intended to prove you have the knowledge necessary to secure a virtual environment or cloud environment that is running on VMware vSphere. Upon completion of this course, students will be able to assess the security posture of a vSphere 4.x and vSphere 5 architecture, and by extension, the services offered through and by that architecture, and reduce identified risks.
The course is very lab intensive, with close to 50% of the time dedicated to lab work. The labs cover everything from Availability, including Resource Pools and High Availability, to Integrity and Confidentiality on products like vShield, Trend Micro and Reflex. There are labs that deal with the network, storage, hardening of the host, vCenter and VMs! We cover over 25 fully vetted labs that are used by consultants in the field.
vSphere 4.1 or 5.0 Ultimate Bootcamp, VMware vSphere Install, Configure, Manage or equivalent knowledge. In lieu of hands-on classroom training, an in-depth knowledge of VMware's ESX/ESXi virtualization environment is required.
System Administrators and Security Administrators using virtualization software.
Sample Advanced VMware Security Course Outline
Course Introduction and Methodology (HOL)
Design for Security
- Virtualization and The Cloud
- Design - Functional Administration Requirements
- Management Connections and Interfaces
- Design - Functional vSphere Feature Requirements
- High Availability
- Distributed Resource Scheduler
- Design Security Implications
- Security or Functionality
- Isolation, Isolation, Isolation
- Corporate Network
- Management Network
- Highly Classified Environments
- Design Examples
Penetration Testing 101
- What is a Penetration Test?
- What does a Hack Cost You?
- Penetration Testing Methodologies
- Information Gathering
- Tools of the Trade
- Website Review – How to stay up to date!
- Hashing, Encryption and Certificates.
- Different Types of Exploits!
- Where do we start with vSphere?
Security Architecture, vCPU, vMemory
- ESXi File Structure
- Log Files (HOL)
- ESXi and vCenter
- Security Architecture
- Virtual Machine Monitor
- Security Roles and Permissions (HOL)
- vCPU (HOL)
- Buffer Overflow Protection
- vCPU Availability
- Transparent Page File Sharing
- Balloon Driver
- Swap File
Routing and the vNetwork
- Networking Components
- Port Groups
- Physical Switch Configuration (HOL)
- NIC Teaming (HOL)
- Load Balancing
- Security Features
- VLAN’s (HOL)
- Private VLAN
- Network I/O Control
- Cisco Nexus 1000v
- Network Routing (HOL)
vStorage – Architecture and Security Implementations
- Virtualized Storage (HOL)
- Pluggable Storage Architecture
- Storage Control
- vSphere API for Array Integration
- Fiber Channel
- LUN Masking
- SAN Zoning
- Fiber Channel Attacks
- Securing Fiber Channel
- iSCSI (HOL)
- Software vs Hardware Initiators
- iSCSI Security Featrures
- Securing iSCSI
Hardening the Virtual Machines
- Harden the Server
- Unnecessary Functions
- Using Templates (HOL)
- VM Isolation (HOL)
- VM Advanced Settings (HOL)
- SetInfo Hazard
- VMCI (HOL)
- Isolation Tools (HOL)
- VMsafe Settings
Hardening the Host
- Service Console Security (HOL)
- Password Integrity
- Wheel Group
- File System Integrity
- Encrypted Communication
- DCUI – Direct Console User Interface (HOL)
- CIM – Common Information Model (HOL)
- Tech Support Mode (HOL)
- ESXi Lockdown Mode
Hardening Virtual Center
- Limiting Administrative Access (HOL)
- Limiting Network Connectivity
- Server Certificate Replacement (HOL)
- Controlling Log Files (HOL)
- Custom Rules
- Update Manager
- VMware Converter
- Managing the vCenter Clients (HOL)
- vShield (HOL)
3rd Party Mitigation Tools
- Altor Networks
- Catbird’s vCompliance
- Reflex Systems VMC (HOL)
- CheckPoint Virtual Appliances
- Trend Micro (HOL)
Putting it all Together
- Looking back at the key security issues for all topics covered
- Design thoughts
- Final Hands On Lab – Can you secure your environment? (HOL)
Advanced VMware Security Certification Information
Certified Virtualization Security Expert®
Candidates for this examination typically work in one of two areas; most candidates are responsible, at some level, for the security of their infrastructure in that:
- they are managing their security staff and are implementing the daily security initiatives of the virtualized and physical environment. Or
- they are working in the Virtual Infrastructure environment where they are responsible for the implementation and configuration of virtualized servers using VMware ESXi and VMware VirtualCenter.
Invariably their organizations have a pressing duty to provide a secure environment for their clients while utilizing VMware ESXi and VMware VirtualCenter.
Candidates should have 6 months to a year of experience in monitoring, analyzing and planning the use of VMware ESXi in a medium-size to enterprise-size computing environment. Candidates should also have at least 6 months experience in security planning and implementation in a medium-size to enterprise-size computing environment.
The qualified candidate for this examination would have learned all aspects of planning, architecting, installation, configuration, deployment, analyzing, backing up, monitoring and securing a VMware Virtual Infrastructure consisting of ESXi hosts and the virtual machines created on them. Candidates would also have the unique understanding of how a hacker breaks into the VMware virtual environment. Candidates become qualified to take this certification examination by attending one of the Advanced VMware® Security classes worldwide.
Certified Virtualization Security Expert® Objective
The objective of the Certified Virtualization Security Expert (CVSE®) designation is to confer upon the certificate holder the best-of-breed virtual infrastructure security professional certification. The CVSE® conveys that the individual, who merits this certification, does not just deserve the certification through merely the examination process. More importantly, it assures in-depth knowledge related to virtual security, virtual design, maintenance, infrastructure management, expertise in the field of virtualization and that his/her training is current, relevant and complete.
Scope of the Examination
The examination aims to test candidates from the following segments as taught in the Advanced VMware Security course. There is a total of 80 questions and candidates have 2 hours to complete the test.
Certification - The Goal
Certification assures that recipients have the skills-set to perform the following tasks:
- Administer a VMware Infrastructure
- Perform a Penetration Test against a VMware Infrastructure
- Have a sound understanding of the routing performed in a vSS or vDS
- Understand the security designs built into a VMware infrastructure
- Properly setup the Remote DataStore
- Fully harden the ESXi host and entire VMware environment
Certification - The Benefits
Certification can lead to better visibility, opportunities and jobs. In today\'s increasingly complex and highly-specialized economy, credentials are everything. Granted the student knows that he/she has the skills to do the job, but nevertheless they still have to convince potential customers and employers as to their prowess. For many career-minded professionals, certification is often the answer.
For IT professionals, it is recognized as a valuable asset to prove professional credentials to employers and the general public. For others, the topic can generate a puzzled response. Why become certified? Isn't a college degree and/or years of practical hands-on experience enough to establish one's credentials? Either response of yes or no is correct, depending on your clientele and colleagues.
The Path to CVSE® Certification
- Attend an Official Advanced VMware Security Ultimate Bootcamp® Course prior to taking the test.
- Pass the proctored examination with a score of 75% or better.
The cost of the Certified Virtualization Security Expert® certification is $295.00. Testing is available at authorized VMTraining testing centers throughout the world. Click here to purchase a certification exam voucher.