You are previewing Securing the Virtual Environment: How to Defend the Enterprise Against Attack, Included DVD.
O'Reilly logo
Securing the Virtual Environment: How to Defend the Enterprise Against Attack, Included DVD

Book Description

A step-by-step guide to identifying and defending against attacks on the virtual environment

As more and more data is moved into virtual environments the need to secure them becomes increasingly important. Useful for service providers as well as enterprise and small business IT professionals the book offers a broad look across virtualization used in various industries as well as a narrow view of vulnerabilities unique to virtual environments. A companion DVD is included with recipes and testing scripts.

  • Examines the difference in a virtual model versus traditional computing models and the appropriate technology and procedures to defend it from attack

  • Dissects and exposes attacks targeted at the virtual environment and the steps necessary for defense

  • Covers information security in virtual environments: building a virtual attack lab, finding leaks, getting a side-channel, denying or compromising services, abusing the hypervisor, forcing an interception, and spreading infestations

  • Accompanying DVD includes hands-on examples and code

This how-to guide arms IT managers, vendors, and architects of virtual environments with the tools they need to protect against common threats.

Note: The ebook version does not provide access to the companion files.

Table of Contents

  1. Cover
  2. Chapter 1: Virtualized Environment Attacks
    1. A Brief Introduction to the Cloud
    2. Managing Cloud Security
    3. Managing Cloud Risks
    4. Managing Cloud Compliance
    5. Making Use of Warnings
    6. Summary
  3. Chapter 2: Attacking from the Outside
    1. Who Is an Outsider?
    2. Delegating and Spreading Roles in Order to Scale
    3. Summary
  4. Chapter 3: Making the Complex Simple
    1. Looking Around Without Getting Caught
    2. Slicing and Dicing Data
    3. Identifying and Targeting Assets
    4. Timing an Attack
    5. Summary
  5. Chapter 4: Denial of Service
    1. Finding Signal in Noise
    2. Defining Success
    3. Finding Service Vulnerabilities
    4. Exploiting Service Vulnerabilities
    5. Summary
  6. Chapter 5: Abusing the Hypervisor
    1. Replacing Hardware Layers with Software
    2. The Cup Is Half Secure
    3. Escaping Jails, Sandboxes, and Buffers
    4. Summary
  7. Chapter 6: Finding Leaks and Obtaining a Side Channel
    1. Peeping Toms
    2. Noisy Neighbors
    3. Summary
  8. Chapter 7: Logging and Orchestration
    1. Logging Events
    2. Testing Incident Responsiveness
    3. Orchestration: Good and Evil
    4. Summary
  9. Chapter 8: Forcing an Interception
    1. Mapping the Infrastructure
    2. Finding and Exploiting the Middle Ground
    3. Summary
  10. Chapter 9: Abusing Software as a Service
    1. When All You Are Is a Nail, Everything Wants to Be a Hammer
    2. The Ubiquity of the Browser
    3. The Risks of SaaS
    4. Summary
  11. Chapter 10: Building Compliance into Virtual and Cloud Environments
    1. Compliance versus Security
    2. Summary
  12. Appendix A: Building a Virtual Attack Test Lab
    1. Components of the Virtual Penetration Testing Lab
    2. Building the Gateway
    3. Building the ESXi Hypervisor System
    4. Building Xen
    5. Building KVM
    6. Using Your Virtual Environments: Virtual Attacks
    7. Where to Go from Here
  13. Appendix B: About the Media
  14. Wiley Publishing, Inc.End-User License Agreement
  15. Introduction
  16. Download CD or DVD content