Your SlideShare is downloading. ×
Kevin wharram
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×

Saving this for later?

Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime - even offline.

Text the download link to your phone

Standard text messaging rates apply

Kevin wharram

865
views

Published on

This presentation covers virtualization and private cloud security

This presentation covers virtualization and private cloud security

Published in: Technology

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
865
On Slideshare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
21
Comments
0
Likes
0
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide
  •   
  •   
  • 03/05/11 Integrated Solutions Management, Inc. Enterprise Governance in a Virtual World
  • Virtual Desktop Infrastructure (VDI)
  • Previously, it made a lot of sense to dedicate a separate physical server to each specific application. By isolating applications on dedicated hardware, you could limit their exposure to potential security threats – and when security failures did happen, you could limit them to a single machine. By dedicating a physical computer and its operating system to a single application, IT departments maintain greater protection against attackers, who have to find another way in. Virtualization platforms have made it far easier and much faster to create and deploy servers and applications than was possible when physical limitations governed system rollouts.
  • Transcript

    • 1.  
    • 2. Welcome Kevin Wharram, CISSP, CISM, CEH, EnCE, GCFA, 27001 Lead Auditor Member of the ISACA Security Advisory Group at ISACA London Chapter My interests are in – Forensics, Virtualization and Cloud Security
    • 3.
      • What is Virtualization?
      • Server Virtualization Analogy
      • Virtualization Security
      • Virtualization Compliance
      • What is Cloud Computing?
      • What is a Private Cloud?
      • Private Cloud Security
      Agenda
    • 4. What is Virtualization? Virtualization is the creation of a virtual (rather than actual) version of something, such as an operating system (OS), a server, a storage device or network resource. Source - http://en.wikipedia.org/wiki/Virtualization
    • 5. What is Virtualization cont.
      • Virtualization presents hardware resources as virtual resources:
      • CPU
      • Memory
      • Storage (Disk)
      • Network Interface (NIC)
    • 6.
      • Not a new concept
      • First developed in the 1960s and was better known as time-sharing
      • IBM developed the idea of a Virtual Machine Monitor (VMM) which is also know as a Hypervisor
      History of Virtualization
    • 7.
      • Server Virtualization
      • Desktop Virtualization or (VDI)
      • Application Virtualization
      • Network Virtualization
      • Storage Virtualization
      Types of Virtualization
    • 8. Server Virtualization
    • 9.
      • Encapsulate OS and present “virtual hardware”
      • Run many OS on single hardware platform
      • Consolidate underutilized servers
      • VMware (vSphere), Microsoft (Hyper-V), Citrix (XenServer) and Solaris Containers
      What is Server Virtualization?
    • 10. Server Virtualization Analogy Hotel VS Holiday Home
    • 11. Copyright © 2004 VMware, Inc. All rights reserved. Traditional Server Server without Virtualization Holiday Home
    • 12. Virtualized Server Hotel Server with Virtualization
    • 13. Desktop Virtualization
    • 14.
      • Desktop virtualization separates a personal computer desktop environment from a physical machine using a client–server model of computing
      • Desktop virtualization is sometimes referred to as Virtual Desktop Infrastructure (VDI)
      What is Desktop Virtualization?
    • 15.
      • Remote Desktop (RDS) is different to VDI
      • With (RDS), all users are sharing the same OS. With VDI, each user has their own real OS (could be dedicated or from a pool)
      • VMware View, Citrix (XenDesktop) and Kaviza
      What is Desktop Virtualization cont.
    • 16. Application Virtualization
    • 17.
      • Encapsulate applications (run conflicting applications on same system, i.e. IE 7 and IE8)
      • Avoid apps corrupting (OS)
      • Application delivery (Stream, ESD, Other)
      • VMware (ThinApp), Microsoft (App-V) and Citrix ( XenApp)
      What is Application Virtualization?
    • 18. Network Virtualization
    • 19.
      • Network virtualization is a method used to combine computer network resources into a single platform, known as a virtual network
      • Not a new concept
      • Virtual private networks (VPNs) are widely used
      • Virtual Local Area Networks (VLANs) are a form of network virtualization
      What is Network Virtualization?
    • 20. Physical Network
    • 21. VMware Virtual Network
    • 22. Storage Virtualization
    • 23.
      • Storage virtualization is the amalgamation of multiple network storage devices into what appears to be a single storage unit. Storage virtualization is often used in SAN (storage area networks).
      • Source http :// www.webopedia.com/TERM/S/storage_virtualization.html
      What is Storage Virtualization?
    • 24. Virtualization Security
    • 25. Industry Comments ESG Research indicates that security professionals lack virtualization knowledge and best practice models for server virtualization security. Gartner survey: “ 40% of virtualization deployment projects were undertaken without involving the information security team in the initial architecture and planning stages.” Gartner analyst Neil MacDonald wrote: “Virtualization is not inherently insecure. However, most virtualized workloads are being deployed insecurely.“
    • 26.
      • Patching
      • Disaster Recovery
      • Investigation
      • Forensics
      Virtualization Security Benefits
    • 27.
      • Virtual environment misconfiguration
      • Processes
      • Lack of Controls
      • Access Controls
      • Software Vulnerabilities
      • Malware
      Virtualization Security Issues
    • 28.
      • vCenter
      • Networking, vSwitches, Cisco Nexus 1000v, vLANs
      • Storage
      • Logging
      • Monitoring
      VMware vSphere Security
    • 29. Virtualization Compliance
    • 30.
      • New technologies introduce new components and processes causing conflict with standards and policies
      • Internal policies and standards need to be updated to reflect virtualization technology
      • Industry standards, PCI DSS, HIPA, etc, sometimes lag technology
      Compliance Issues
    • 31. Controls Policies & Compliance Processes & Standards Compliance Pyramid
    • 32. Cloud Computing
    • 33. What is Cloud Computing? Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. Source - http://www.nist.gov/itl/cloud/index.cfm
    • 34.
      • Private cloud
      • Public cloud
      • Community cloud
      • Hybrid cloud
      Types of Cloud Computing
    • 35. What is a Private Cloud?
      • Operated solely for an organization
      • May be managed by the organization or a third party
      • May exist on-premise or off-premise
    • 36. Private Cloud Security Most of the virtualization controls that we spoke about earlier, would apply to the Private Cloud as you control the “Private Cloud.”
    • 37. Controls Organisation Due-Diligence Processes & Standards Compliance Pyramid
    • 38. Resources NIST guide to Security for Full Virtualization Technologies http://csrc.nist.gov/publications/nistpubs/800-125/SP800-125-final.pdf VMware hardening guides http://blogs.vmware.com/security/2010/04/vsphere-40-hardening-guide-released.html Cloud Security Alliance http://www.cloudsecurityalliance.org/ NIST Definition of Cloud Computing http://www.nist.gov/itl/cloud/index.cfm Center for Internet Security (CIS) Benchmarks on Server Virtualization http://cisecurity.org/en-us/?route=downloads.benchmarks Defense Information System Agency (DISA) http://iase.disa.mil/stigs/index.html
    • 39. Questions? Kevin Wharram [email_address]