This seminar will focus on the audit and security issues related to the use of Virtual Machine environments.

• Detailed discussion of VMware Virtual Machine architecture and security components (VMware vSphere)
• Detailed discussion of VMware ESX Server & VMware vCenter security and control features

1. VM Concepts

• Virtual Machine Concepts
• Hypervisors
• VMware ESX Server Overview
• VMware vCenter and Virtual Center Overview
• Security Architecture and Design Issues
• Audit & Control Objectives
• Threats & Vulnerabilities
• VMware vSphere4

2. VMware ESX Server Audit

• Audit Objectives and Checklists for the ESX Server and vCenter Environments
• Security Configuration Standards
• Configuration and Patch Management
• Security Management
• Service Console Security Configuration
• Host Level Management Security
• User Account Controls (e.g. ssh; sudo)
• Controlling Administrator Access
• Directory & File Permissions
• Logging & Monitoring
• VM Files and Settings
• Guest VM Configuration
• Guest to Host Isolation Controls
• Network and Firewall Security

3. VMware vCenter Audit

• Architecture & Design
• Auditing Management Server Configuration and Components
• Inventory Control Areas
• Virtual Center Users
• Controls over Administrative Users (Data Center Administrator, VM Administrator etc.)
• Roles (e.g. System and Sample Roles) and Objects
• Permissions and Permission Privileges Group Management
• Security Monitoring

4. Cloud Computing

• Concepts Overview
• Security and Control Issues

5. Security and Audit Tools & Techniques

• Audit Tools & Scripts

Note: session will include discussion of other VM Technologies in the Concepts session, including:

• Microsoft Hyper-V
• Citrix XEN Server
• Solaris Containers
• Linux VM
• Microsoft Virtual Server & PC
• VirtualBox
• VMware ESXi server; Player; Workstation
• VMware vSphere4