The well-respected SANS (SysAdmin, Audit, Network, Security) Institute, famous for its security training and certification program, launched today a new interesting course: Virtualization Security and Operations.
The description is promising:
Attendees will learn about virtualization security fundamentals, with an in-depth treatment of today’s most pressing virtualization security concerns: known attacks and threats, theoretical attack methods, and numerous real-world examples. Then we’ll turn our attention to today’s most popular enterprise server virtualization product, VMware Infrastructure 3. Attendees will learn about every aspect of locking down ESX Server and VirtualCenter management server, as well as best practices for securing the virtual machine guests that reside on ESX platforms. We’ll also cover virtualization networking techniques in detail, laying out proven strategies for proper segmentation, virtual switching and routing considerations, network access controls and layer 2 policies, as well as how to build virtual DMZs and integrate with existing network infrastructure.
Finally, attendees will learn essential strategies for securing storage interfaces to Virtual Infrastructure 3, as well as best practices for backup, recovery, and redundancy. We’ll then wrap up with extensive information about compliance ramifications from virtualization, strategies to create and maintain compliance-focused controls using VMware, and operations processes and concepts to focus on, such as change and configuration management, separation of duties, and least privilege…
The fact that the class is fully focused on VMware products only is a pity.
Covering at least the main three players (as Citrix is implementing Xen which is used by pretty much every other player) would be so much more useful.
Interestingly enough, two of the course authors work at ConfigureSoft: Dave Shackleford, the Director, Center for Policy and Compliance, and Chris Farrow, the Director of Product Group.