VMware vSphere Security Cookbook

Book Description

Over 75 practical recipes to help you successfully secure your vSphere environment

In Detail

Within the IT field, security is often a low priority when it comes to building new environments. As security compliance continues to gain prominence, proper and secure product configuration becomes even more important. Applying security to a complex virtual environment can be a daunting and time-consuming endeavor. This book provides a perfect plan for step-by-step configuration of vSphere 5.5 and its associated components.

The book starts by showing you how to configure the core vSphere components of the ESXi host before covering guest virtual machine security, user management, and network and storage security. Moving ahead, you will learn specifically about the configuration of X.509 certificates utilizing the SSL Certificate Automation Tool. The book concludes by taking you through VXLAN virtual wire configuration.

What You Will Learn

  • Harden your ESXi host and guest virtual machines to reduce the vulnerabilities in your system
  • Configure vCenter networks and storage security to establish secure virtual networks between environments
  • Install and configure vShield Manager and Data Security to manage anti-malware and antivirus policies for your virtual environments
  • Set up vShield App and Edge, including firewall and VPN configurations to help secure your networks in your environment
  • Use Sophos Anti-virus to establish a vShield Endpoint to secure your environment

Downloading the example code for this book: You can download the example code files for all Packt books you have purchased from your account at http://www.PacktPub.com. If you purchased this book elsewhere, you can visit http://www.PacktPub.com/support and register to have the files e-mailed directly to you.

    Table of Contents

    1. VMware vSphere Security Cookbook
      1. Table of Contents
      2. VMware vSphere Security Cookbook
      3. Credits
      4. About the Author
      5. About the Reviewers
      6. www.PacktPub.com
        1. Support files, eBooks, discount offers, and more
          1. Why subscribe?
          2. Free access for Packt account holders
          3. Instant updates on new Packt books
      7. Preface
        1. What this book covers
        2. What you need for this book
        3. Who this book is for
        4. Conventions
        5. Reader feedback
        6. Customer support
          1. Errata
          2. Piracy
          3. Questions
      8. 1. Threat and Vulnerability Overview
        1. Introduction
        2. Risk overview
          1. Understanding defense-in-depth
        3. Hypervisor threats
        4. Hypervisor vulnerabilities
        5. Guest virtual machine threats
        6. Guest virtual machine vulnerabilities
        7. Network threats
        8. Network vulnerabilities
        9. Storage threats
        10. Storage vulnerabilities
        11. Physical threats
        12. Physical vulnerabilities
        13. Security concepts
          1. References
        14. Summary
      9. 2. ESXi Host Security
        1. Introduction
        2. Hardening the host via Console
          1. Getting ready
          2. How to do it…
          3. How it works…
          4. There's more
        3. Hardening the host via vSphere Client
          1. Getting ready
          2. How to do it…
          3. How it works…
        4. Configuring host services
          1. Getting ready
          2. How to do it…
          3. How it works…
        5. Configuring the host firewall
          1. Getting ready
          2. How to do it…
          3. How it works…
          4. There's more
            1. TPM encryption
          5. See also
      10. 3. Configuring Virtual Machine Security
        1. Introduction
        2. Configuring administrative access options
          1. Getting ready
          2. How to do it…
          3. How it works…
        3. Securing the guest OS
          1. Getting ready
          2. How to do it…
            1. Configuring the Windows 7 guest OS security
          3. Getting ready
          4. How to do it…
          5. How it works…
            1. Configuring the Windows Server 2008 R2 guest OS security
          6. Getting ready
          7. How to do it…
          8. How it works…
          9. There's more...
            1. Virtual machine antivirus
            2. Firewalls
          10. See also
        4. Guest virtual machine hardening
          1. Getting ready
          2. How to do it…
            1. Remove unnecessary virtual hardware
            2. Unexposed features
            3. Restricting data between the host and guest
            4. Restricting commands
            5. Limiting the guest OS writes to the host memory
          3. How it works…
          4. See also
        5. Configuring virtual machine resource isolation
          1. Getting ready
          2. How to do it…
          3. How it works…
        6. Configuring the standard image templates
          1. Getting ready
          2. How to do it...
          3. How it works...
        7. Managing snapshots
          1. Getting ready
          2. How to do it...
          3. How it works...
          4. See also
      11. 4. Configuring User Management
        1. Introduction
        2. Configuring vCenter Single Sign-On
          1. Getting ready
          2. How to do it…
          3. How it works…
        3. Managing Single Sign-On users with vSphere Web Client
          1. Getting ready
          2. How to do it…
          3. How it works…
        4. Configuring Active Directory integration
          1. Getting ready
          2. How to do it…
          3. How it works…
        5. Managing Active Directory users and groups
          1. Getting ready
          2. How to do it…
          3. How it works…
        6. Assigning permissions
          1. Getting ready
          2. How to do it…
          3. How it works…
        7. Assigning administrative roles
          1. Getting ready
          2. How to do it…
          3. How it works…
          4. See also
      12. 5. Configuring Network Security
        1. Introduction
        2. Configuring Standard vSwitch security
          1. Getting ready
          2. How to do it…
          3. How it works…
        3. Configuring the port group security
          1. Getting ready
          2. How to do it…
          3. How it works…
        4. Configuring VLANs
          1. Getting ready
          2. How to do it…
          3. How it works…
        5. Creating DMZ networks
          1. Getting ready
          2. How to do it…
          3. How it works…
        6. Providing Distributed vSwitch security options
          1. Getting ready
          2. How to do it…
          3. How it works…
        7. Configuring PVLANs
          1. Getting ready
          2. How to do it…
          3. How it works…
          4. See also
      13. 6. Configuring Storage Security
        1. Introduction
        2. Configuring network isolation
          1. Getting ready
          2. How to do it…
          3. How it works…
        3. Configuring iSCSI security
          1. Getting ready
          2. How to do it…
          3. How it works…
        4. Configuring Header and Data Digest
          1. Getting ready
          2. How to do it…
          3. How it works…
          4. There's more…
            1. Configuring the Fibre Channel security
          5. See also
      14. 7. Configuring vShield Manager
        1. Introduction
        2. Installing vShield Manager OVA
          1. Getting ready
          2. How to do it…
          3. How it works…
        3. Configuring vShield Manager settings
          1. Getting ready
          2. How to do it…
          3. How it works…
        4. Adding vShield licensing to vCenter
          1. Getting Started
          2. How to do it…
          3. How it works…
        5. Configuring SSL Security for Web Manager
          1. Getting ready
          2. How to do it…
          3. How it works…
        6. Configuring Single Sign-On
          1. Getting ready
          2. How to do it…
          3. How it works…
        7. Configuring user accounts and roles
          1. Getting ready
          2. How to do it…
          3. How it works…
        8. Configuring services and service groups
          1. Getting ready
          2. How to do it…
          3. How it works…
      15. 8. Configuring vShield App
        1. Introduction
        2. Installing vShield App
          1. Getting ready
          2. How to do it…
          3. How it works…
        3. Configuring vShield App using the Web Console
          1. Getting ready
          2. How to do it…
          3. How it works…
        4. Configuring vShield App Flow Monitoring
          1. Getting ready
          2. How to do it…
          3. How it works…
        5. Configuring vShield App Firewall
          1. Getting ready
          2. How to do it…
          3. How it works…
        6. Configuring vShield App SpoofGuard
          1. Getting ready
          2. How to do it…
          3. How it works…
      16. 9. Configuring vShield Edge
        1. Introduction
        2. Installing vShield Edge
          1. Getting ready
          2. How to do it…
            1. Configuring the Edge appliance
            2. Configuring Edge interfaces
          3. How it works…
        3. Managing appliances
          1. Getting ready
          2. How to do it…
          3. How it works…
        4. Managing interfaces
          1. Getting ready
          2. How to do it…
          3. How it works…
        5. Managing certificates and revocation lists
          1. Getting ready
          2. How to do it…
          3. How it works…
          4. See also
        6. Managing firewall rules
          1. Getting ready
          2. How to do it…
          3. How it works…
        7. Managing NAT rules and static routes
          1. Getting ready
          2. How to do it…
          3. How it works…
        8. Managing the IPSec VPN service
          1. Getting ready
          2. How to do it…
          3. How it works…
        9. Managing SSL VPN-Plus
          1. Getting ready
          2. How to do it…
            1. Configuring the IP pool
            2. Configuring private networks
            3. Configuring authentication
            4. Configuring an installation package
          3. How it works…
        10. Configuring the load-balancing service
          1. Getting ready
          2. How to do it…
          3. How it works…
      17. 10. Configuring vShield Endpoint
        1. Introduction
        2. Installing vShield Endpoint
          1. Getting started
          2. How to do it…
          3. How it works…
        3. Configuring vShield Endpoint using an antivirus
          1. Getting started
          2. How to do it…
          3. How it works…
      18. 11. Configuring vShield Data Security
        1. Introduction
        2. Installing vShield Data Security
          1. Getting ready
          2. How to do it…
          3. How it works…
        3. Configuring the vShield Data Security policies
          1. Getting ready
          2. How to do it…
          3. How it works…
        4. Managing vShield Data Security reports
          1. Getting ready
          2. How to do it…
          3. How it works…
      19. 12. Configuring vSphere Certificates
        1. Introduction
        2. Configuring a Windows CA template
          1. Getting started
          2. How to do it…
          3. How it works…
          4. See also
        3. Requesting certificates from a Windows CA
          1. Getting started
          2. How to do it…
          3. How it works…
        4. Using SSL Certificate Automation Tool 5.5
          1. Getting started
          2. How to do it…
          3. How it works…
          4. There's more…
        5. Process certificate requests
          1. Getting started
          2. How to do it…
          3. How it works…
        6. Registering the Single Sign-On certificate
          1. Getting started
          2. How to do it…
          3. How it works…
        7. Registering the Inventory Service certificate
          1. Getting started
          2. How to do it…
          3. How it works…
        8. Registering the vCenter certificate
          1. Getting started
          2. How to do it…
          3. How it works…
        9. Registering the Web Client certificate
          1. Getting started
          2. How to do it…
          3. How it works…
        10. Registering the Log Browser certificate
          1. Getting started
          2. How to do it…
          3. How it works…
        11. Registering the Update Manager certificate
          1. Getting started
          2. How to do it…
          3. How it works…
        12. Installing an ESXi host certificate
          1. Getting started
          2. How to do it…
          3. How it works…
      20. 13. Configuring vShield VXLAN Virtual Wires
        1. Introduction
        2. Prerequisites for configuring VXLAN virtual wires
          1. Getting started
          2. How to do it…
            1. Ensuring the Managed IP address of vCenter is set
            2. Ensuring DHCP availability
            3. Setting a multicast address range and segment ID pool
            4. Setting up network connectivity for VXLAN traffic
            5. Verifying the distributed switch MTU setting
          3. How it works…
          4. There's more
        3. Configuring VXLAN virtual wires
          1. Getting started
          2. How to do it…
            1. Adding a VXLAN network scope
            2. Adding a VXLAN virtual wire
            3. Connecting a VXLAN virtual wire to vShield Edge
            4. Enabling services for the VXLAN virtual wire
            5. Connecting a virtual machine to a VXLAN virtual wire
          3. How it works…
        4. Testing VXLAN virtual wires
          1. Getting started
          2. How to do it…
          3. How it works…
          4. There's more
        5. Configuring firewall rules for VXLAN virtual wires
          1. Getting started
          2. How to do it…
          3. How it works…
          4. See also
      21. Index