Chapter 1
Course Introduction and Methodology

Chapter 2
Penetration Testing 101

• What is a Penetration Test?
• What does a Hack Cost You?
• Penetration Testing Methodologies
• Information Gathering (HOL)
• Scanning (HOL)
• Enumeration (HOL)
• Tools of the Trade (HOL)
• Website Review – How to stay up to date!
• Hashing, Encryption and Certificates. (HOL)
• Different Types of Exploits! (HOL)
• Where do we start with vSphere?

Chapter 3
Primer and Reaffirming our Knowledge

• What is Virtualization?
• Hypervisor Types
• ESX vs ESXi
• vSphere 4.1 Product Features
• Management Interfaces (HOL)
• DRAC/iLO
• Web Interface
• SSH via Putty
• vSphere Client, ESX/i and vCenter
• vMA, vCLI, Powershell, PowerGUI
• Communication Ports
• General Administrative Features (HOL)
• vCenter Views
• Tasks and Alarms
• VM Administration
• Advanced Administrative Features (HOL)
• DRS
• HA
• Fault Tolerance

Chapter 4
Security Architecture, vCPU, vMemory

• Linux Kernel Architecture
• Linux Files System
• ESX/i File Structure
• Log Files (HOL)
• ESX/i and vCenter
• Security Architecture
• Virtual Machine Monitor
• Security Roles and Permissions (HOL)
• VMsafe – Security at its finest
• vCPU (HOL)
• Buffer Overflow Protection
• vCPU Availability
• vMemory
• Transparent Page File Sharing
• Balloon Driver
• Swap File
• Compression
• Hyperspacing

Chapter 5
Routing and the vNetwork

• Networking Components
• vSwitch
• vNIC
• Port Groups
• Uplinks
• Physical Switch Configuration (HOL)
• NIC Teaming (HOL)
• Load Balancing
• Failover
• Security Features
• VLAN's (HOL)
• vDS
• Private VLAN
• Network I/O Control
• Cisco Nexus 1000v
• Network Routing (HOL)

Chapter 6
vStorage – Architecture and Security Implementations

• Virtualized Storage (HOL)
• Pluggable Storage Architecture
• Storage Control
• vSphere API for Array Integration
• Fiber Channel
• LUN Masking
• SAN Zoning
• Fiber Channel Attacks
• Securing Fiber Channel
• iSCSI (HOL)
• Software vs Hardware Initiators
• iSCSI Security Features
• 1. CHAP
• 2. IPSec
• Securing iSCSI

Chapter 7
Hardening the Virtual Machines

• Harden the Server
• Unnecessary Functions
• Using Templates (HOL)
• VM Isolation (HOL)
• VM Advanced Settings (HOL)
• SetInfo Hazard
• VMCI (HOL)
• Isolation Tools (HOL)
• VMsafe Settings

Chapter 8
Hardening the Host

• Service Console Security (HOL)
• Password Integrity
• sudo
• Wheel Group
• File System Integrity
• Encrypted Communication
• DCUI – Direct Console User Interface (HOL)
• CIM – Common Information Model (HOL)
• Tech Support Mode (HOL)
• Proxy.xml
• ESXi Lockdown Mode

Chapter 9
Hardening Virtual Center

• Limiting Administrative Access (HOL)
• Limiting Network Connectivity
• Server Certificate Replacement (HOL)
• Controlling Log Files (HOL)
• Custom Rules
• Update Manager
• VMware Converter
• Managing the vCenter Clients (HOL)
• vShield (HOL)

Chapter 10
Virtualizing your DMZ

• DMZ Virtualization with the VMware Infrastructure
• Virtualized DMZ Networks
• Three Typical Virtualized DMZ Configurations
• Partially Collapsed DMZ with Separate Physical Trust Zones
• Partially Collapsed DMZ with Virtual Separation of Trust Zones
• Fully Collapsed
• Best Practices for Achieving a Secure Virtualized DMZ Deployment (HOL)
• Harden and Isolate the Service Console
• Clearly Label Networks for each Zone
• Set Layer 2 Security Options on Virtual Switches
• Separation of Duties
• Use ESX Resource Management Capabilities
• Regularly Audit Virtualized DMZ Configuration
• Common Attack Vectors (HOL)
• SSLv3/TLS Renegotiation
• Web Access Vulnerabilities

Chapter 11
3rd Party Mitigation Tools

• Altor Networks
• Catbird's vCompliance (HOL)
• HyTrust
• Reex Systems VM
• CheckPoint Virtual Appliances
• Trend Micro (HOL)
• TripWire Configuration Management

Chapter 12
Putting it all Together

• Looking back at the key security issues for all topics covered
• Design thoughts
• Final Hands On Lab – Can you secure your environment?