Securing the Virtual Environment

Course:  SECVE
Duration:  3 Days
Level:  I
Course Summary

This 3-day course offers a broad look across virtualization used in various industries as well as a narrow view of vulnerabilities unique to virtual environments. The courseware includes a companion DVD with recipes and testing scripts to arm staff with the tools they need to protect against common threats.

« Hide The Details
Topics Covered In This Course

The Context of Cloud and Virtualized Environment Attacks

  • Introduction to the Cloud
  • Managing Cloud Security
  • Principles of Information Security
  • The Human Factor
  • Managing Cloud Risks
  • Managing Cloud Compliance

Attacking from the Outside

  • HR Policies and Procedures
  • Configuring Cloud Audit Logs
  • Outsourced and Offshored Resources
  • SaaS Software Development at ?Cloud Speed?
  • Ensuring Continuity
  • Spoofing a Certificate

Making the Complex Simple

  • Checking to See If Anyone Is Watching
  • Checking for Gaps in Awareness and Responsiveness
  • Hypervisor, Director, Orchestrator, Manager
  • Detecting Layers of Virtualization Technology
  • Identifying and Targeting Assets
  • Timing an Attack

Denial of Service

  • Variations
  • Finding Service Vulnerabilities
  • Testing for Denial
  • Exploiting Service Vulnerabilities
  • Breaking Connections Between Services
  • Exhausting Resources

Abusing the Hypervisor

  • Relating Physical to Virtual
  • Compromising the Kernel
  • Breaking Out of KVM
  • Finding the Different Yet Old Attack Surfaces
  • Escaping Jails, Sandboxes, and Buffers
  • Every Door Is the Front Door

Finding Leaks and Obtaining a Side Channel

  • Working Around Layer 2 and Layer 3 Controls
  • Becoming a Regular Man in the Middle
  • Mayhem with Certificates
  • Eliciting a Response by Manipulating State
  • Working on Shared Paths
  • Co-Tenancy

Forcing an Interception

  • Mapping the Infrastructure
  • Abuse of Management Interfaces
  • Getting around API Blockades
  • Finding Secure Boundaries

Abusing Software as a Service

  • Managing Identities
  • Finding Confidentiality and Integrity Bugs
  • Secure Development
  • The Ubiquity of the Browser
  • Average Users and the Pain of Software Evolution
  • The Risks of SaaS

Building Compliance into Virtual and Cloud Environments

  • Compliance versus Security
  • Working with Auditors and Assessors
  • Managing Expectations
  • Managing Change
  • Compliance Requirements: ISO 27001, SAS 70, SOC 2, HIPAA, FISMA, NIST, FedRAMP etc
What You Can Expect

At the end of this course, delegates will be able to:

  • Describe the difference of virtual versus traditional computing models and the appropriate technology and procedures to defend it from attack
  • Dissect and expose attacks targeted at the virtual environment and perform the steps necessary for defence
  • Prepare for and deal with information security incidents in virtual environments: building a virtual attack lab, finding leaks, getting a side-channel, denying or compromising services, abusing the hypervisor, forcing an interception, and spreading infestations
Who Should Take This Course

IT managers, vendors, and architects of virtual environments as well as auditors assessing those environments.

Recommended Prerequisites

Students should have a high-level understanding of general IT management and virtualization as well as IT and information security.

Training Style

Instructor-led with 50% lecture and 50% hands-on workshops using a Virtual Attack Test Lab evolving during the course.

« Hide The Details
Related Courses
Code Course Title Duration Level
SEC4T
Security Awareness For Technologists
2 Days
I
Details
CLOUDE
Cloud and Virtualization Essentials
4 Days
I
Details
SMAC
Security Management and Control (Deployment/Maintenance of Confidential Data)
5 Days
I
Details
SEC4M
Security Awareness For Management
2 Days
I
Details
UXAUD
UNIX Audit and Security
5 Days
I
Details
MFAUDIT
The IBM Mainframe Environment for IT Auditors
3 Days
I
Details
SS8SEC
SQL Server Security and Auditing
2 Days
II
Details
LNXSEC
Linux Security
5 Days
II
Details

Every student attending a Verhoef Training class will receive a certificate good for $100 toward their next public class taken within a year.

You can also buy "Verhoef Vouchers" to get a discounted rate for a single student in any of our public or web-based classes. Contact your account manager or our sales office for details.

Schedule For This Course
There are currently no public sessions scheduled for this course. We can schedule a private class for your organization just a couple of weeks from now. Or we can let you know the next time we do schedule a public session.
Notify me the next time this course is confirmed!
Can't find the course you want?
Call us at 800.533.3893, or
email us at info@verhoef.com