Hyper-V Security

Book Description

Secure your Hyper-V hosts, their guests, and critical services from intruders and malware

In Detail

Keeping systems safe and secure is a new challenge for Hyper-V Administrators. As critical data and systems are transitioned from traditional hardware installations into hypervisor guests, it becomes essential to know how to defend your virtual operating systems from intruders and hackers.

Hyper-V Security is a rapid guide on how to defend your virtual environment from attack.

This book takes you step by step through your architecture, showing you practical security solutions to apply in every area. After the basics, you'll learn methods to secure your hosts, delegate security through the web portal, and reduce malware threats.

What You Will Learn

  • Defend the network and disk resources that Hyper-V relies on
  • Control access to Hyper-V, both locally and remotely
  • Automate security policies using Group Policy
  • Leverage Hyper-V's isolation features to protect services while still providing necessary access to resources
  • Combine Hyper-V with external technologies to provide a strong defense-in-depth system
  • Identify and explain security needs to organization officials reluctant to provide proper funding
  • Protect your virtual infrastructure when System Center VMM is present
  • Make management of multiple on-premise private clouds and Azure-based public clouds more secure with App Controller

    Table of Contents

    1. Hyper-V Security
      1. Table of Contents
      2. Hyper-V Security
      3. Credits
      4. About the Authors
      5. About the Reviewers
        1. Support files, eBooks, discount offers, and more
          1. Why subscribe?
          2. Free access for Packt account holders
          3. Instant updates on new Packt books
      7. Preface
        1. What this book covers
        2. What you need for this book
        3. Who this book is for
        4. Conventions
        5. Reader feedback
        6. Customer support
          1. Downloading the example code
          2. Errata
          3. Piracy
          4. Questions
      8. 1. Introducing Hyper-V Security
        1. The importance of Hyper-V security
          1. Your clients expect it
          2. Your stakeholders expect it
          3. Your employees and volunteers expect it
          4. Experience has taught us that security is important
          5. Weak points aren't always obvious
          6. The costs of repair exceed the costs of prevention
        2. Basic security concerns
          1. Attack motivations
          2. Untargeted attacks
          3. Targeted attacks
          4. The computing device
          5. The network
          6. Data-processing points
          7. Data storage
          8. People
        3. A starting point to security
        4. Hyper-V terminology
        5. Acquiring Hyper-V
          1. Hyper-V Server
          2. Windows Server
          3. Client Hyper-V
        6. Summary
      9. 2. Securing the Host
        1. Understanding Hyper-V's architecture
        2. Choosing a management operating system
          1. Hyper-V Server
          2. Windows Server – full GUI installation
          3. Windows Server – Core installation
          4. Windows Server – Minimal Server Interface installation
          5. Switching between Windows Server modes
          6. Practical guidance to choose a deployment
        3. Disabling unnecessary components
        4. Using the Windows Firewall
        5. Relying on domain security
        6. Leveraging Group Policy
          1. Exporting SCM baselines
          2. Importing a policy into Group Policy Management Console
          3. Applying SCM baselines to Local Group Policy
            1. Enabling LocalGPO in Windows and Hyper-V Server 2012 R2
        7. Using security software
        8. Configuring Windows Update
          1. Manual patching
          2. Fully automated patching
          3. Staggered patching
          4. Guinea pig systems
        9. Employing remote management tools
        10. Following general best practices
          1. Microsoft baseline security analyzer
          2. Hyper-V Best Practices Analyzer
            1. Running the Hyper-V BPA from Server Manager
            2. Running the Hyper-V BPA from PowerShell
          3. Other practices
        11. Summary
      10. 3. Securing Virtual Machines from the Hypervisor
        1. Using the Hyper-V Administrators group
          1. Using Group Policy to control Hyper-V Administrators
          2. Powers of Hyper-V Administrators
        2. Leveraging PowerShell Remoting
          1. Configuring PowerShell Remoting and its basic usage
          2. Workgroup and inter-domain PowerShell Remoting
            1. Certificate-based PowerShell Remoting
              1. Configuring the Host SSL certificate
              2. Configuring the Remote System
          3. TrustedHosts-based PowerShell Remoting
            1. Choosing between SSL and TrustedHosts
          4. Example – PowerShell Remoting with Invoke-Command
        3. Using custom PowerShell Remoting endpoints
          1. Practical custom PowerShell Remoting endpoints
        4. Summary
      11. 4. Securing Virtual Machines
        1. Understanding the security environment of VMs
          1. Process isolation
          2. Memory isolation
          3. Hard disk isolation
          4. Network isolation
          5. Other hardware
          6. Practical approaches to isolation security
        2. Leveraging Generation 2 virtual machines
        3. Employing anti-malware on a virtual machine
          1. Considering intrusion prevention and detection strategies
        4. Using Group Policy with virtual machines
        5. Limiting exposure with resource limitations
          1. Virtual processor limits
          2. Memory limits
          3. Hard drive I/O limits
          4. Virtual network limits
        6. Applying general best practices
        7. Summary
      12. 5. Securing the Network
        1. Understanding SSL encryption
        2. Leveraging network hardware
          1. Hardware firewalls
        3. Using the virtual switch's isolating technologies
          1. Multiple switch types
          2. Virtual LAN
            1. Using PowerShell to control VLANs on virtual adapters
          3. Private VLAN
          4. Using PowerShell to configure private VLANs
          5. Network virtualization
        4. Employing Hyper-V virtual switch ACLs
          1. Using basic port ACLs
          2. Using extended port ACLs
          3. Practical ACL usage
        5. Configuring the Windows Firewall
        6. Using management tools remotely
          1. Enabling Remote Desktop
          2. Enabling other remote management tools
          3. Remote access for non-domain-joined machines
        7. Using Hyper-V with IPsec
        8. Configuring virtual network adapter protections
          1. MAC address settings
          2. DHCP guard
          3. Router guard
          4. Port mirroring
          5. Setting Hyper-V protections using PowerShell
        9. Encrypting cluster communications
        10. Securing Hyper-V Replica traffic
        11. Summary
      13. 6. Securing Hyper-V Storage
        1. Configuring NTFS security for VM storage
        2. Securing SMB 3.0 shares for VM storage
          1. Administrative and hidden shares
        3. Securing iSCSI connections
          1. Physical and logical isolation
          2. iSCSI security options
        4. Using Secure Boot
        5. Using BitLocker
        6. Understanding the role of backup
        7. Summary
      14. 7. Hyper-V Security and System Center VMM
        1. Enhancing Hyper-V host security through VMM
          1. The user role group descriptions
          2. Run as accounts
        2. Securing the VMM installation
          1. VMM library shares
          2. Anything else?
        3. Network virtualization and multi-tenancy
        4. Providing secure self-service with the Windows Azure Pack
          1. DOS and DDOS attacks
        5. Summary
      15. 8. Secure Hybrid Cloud Management through App Controller
        1. System requirements
        2. Installing App Controller
          1. Connecting clouds to App Controller
        3. App Controller's role-based security model
        4. Summary
      16. Index