Rating:
(3 reviews)
Author: Davi Ottenheimer
ISBN : 1118155483
New from $7.94
Format: PDF, EPUB
Posts about Download The Book Free Securing the Virtual Environment, Included DVD: How to Defend the Enterprise Against Attack from with Mediafire Link Download Link
A step-by-step guide to identifying and defending against attacks on the virtual environmentAs more and more data is moved into virtual environments the need to secure them becomes increasingly important. Useful for service providers as well as enterprise and small business IT professionals the book offers a broad look across virtualization used in various industries as well as a narrow view of vulnerabilities unique to virtual environments. A companion DVD is included with recipes and testing scripts.
- Examines the difference in a virtual model versus traditional computing models and the appropriate technology and procedures to defend it from attack
- Dissects and exposes attacks targeted at the virtual environment and the steps necessary for defense
- Covers information security in virtual environments: building a virtual attack lab, finding leaks, getting a side-channel, denying or compromising services, abusing the hypervisor, forcing an interception, and spreading infestations
- Accompanying DVD includes hands-on examples and code
This how-to guide arms IT managers, vendors, and architects of virtual environments with the tools they need to protect against common threats.
Download latest books on mediafire and other links compilation Free Securing the Virtual Environment, Included DVD: How to Defend the Enterprise Against Attack [Paperback]
- Paperback: 456 pages
- Publisher: Wiley; 1 edition (May 8, 2012)
- Language: English
- ISBN-10: 1118155483
- ISBN-13: 978-1118155486
- Product Dimensions: 1 x 7.3 x 9.1 inches
- Shipping Weight: 1.6 pounds (View shipping rates and policies)
Free Securing the Virtual Environment, Included DVD: How to Defend the Enterprise Against Attack
One of the selling points around virtualization is about its perceived added level of security. But virtualization, like any other piece of software can be implemented incorrectly, and itself have flaws.
Last year, NIST came out with SP 800-125, Guide to Security for Full Virtualization Technologies. The guide is intended for system administrators, security program managers, security engineers and anyone else involved in designing, deploying or maintaining full virtualization technologies.
NIST SP 800-125 recommends organizations do the following:
* secure all elements of a full virtualization solution and maintain their security
* restrict and protect administrator access to the virtualization solution
* ensure that the hypervisor, the central program that runs the virtual environment, is properly secured
* carefully plan the security for a full virtualization solution before installing, configuring and deploying it
All good items to do; but at 25 pages, SP 800-125 is clearly inadequate to cover all of the details around how to securely use virtualization. With that, Securing the Virtual Environment: How to Defend the Enterprise Against Attack, by Davi Ottenheimer and Matthew Wallace is a great new book that that provides a comprehensive overview on how to secure systems and defend against attacks on virtualized environments.
The book takes a very strong approach that in order to secure virtualization effectively, one needs to understand how adversaries will attack a virtualized environment. The authors provide numerous details on how to precisely do that.
The book is a highly technical guide meant for those designing, deploying and administering virtualized systems.
I have been meaning to get to this review for a while, as I have had the book since it came out. In a nutshell, Davi and Matthew have done a fantastic job outlining general premises of virtsec, as well as detailed attack methods and examples for all aspects of a typical virtual environment. My general notes on each chapter are as follows:
1. "Virtualized Environment Attacks" - this chapter lays out a lot of terminology and general theory on virtualization and why it's vulnerable technology. This book is really geared towards a security audience, so I found a lot of the infosec basics in this chapter unnecessary, but I see why they're there.
2. "Attacking from the Outside" - this chapter breaks down the differences between outside and internal attacks, and show why and how roles and privileges play a big role in the security ecosystem, especially around virtualization. Great discussion and examples on some basic technology issues, like reliance on certificates and automated patching.
3. "Making the Complex Simple" - Really cool chapter on enumeration of virt and cloud systems and applications. How to time attacks, how to "read between the lines" on scanner output when looking at cloud infrastructure, etc.
4. "Denial of Service" - Those of us in the virtsec space know how DoS attacks can be executed differently in virtual environments, but the authors do a nice job of breaking these attacks down. Covers all manner of DoS attacks, including authentication DoS, remote packet-based DoS, resource over-consumption DoS, and more.
5. "Abusing the Hypervisor" - One of my two favorite chapters in the book. The authors explain how hypervisors are constructed, and how kernel attacks are possible and subtly different when done in virtual environments.