Server virtualization benefits with Windows Server 2012 R2 Hyper-V
HOW TO SECURE AN ENTIRE HYPER-V NETWORK by Virtualization Evangelist David Davis.
-
Upload
sarah-jefferson -
Category
Documents
-
view
221 -
download
1
Transcript of HOW TO SECURE AN ENTIRE HYPER-V NETWORK by Virtualization Evangelist David Davis.
![Page 1: HOW TO SECURE AN ENTIRE HYPER-V NETWORK by Virtualization Evangelist David Davis.](https://reader036.fdocuments.in/reader036/viewer/2022062717/56649e195503460f94b05d19/html5/thumbnails/1.jpg)
HOW TO SECURE AN ENTIRE HYPER-V NETWORK
by Virtualization Evangelist
David Davis
![Page 2: HOW TO SECURE AN ENTIRE HYPER-V NETWORK by Virtualization Evangelist David Davis.](https://reader036.fdocuments.in/reader036/viewer/2022062717/56649e195503460f94b05d19/html5/thumbnails/2.jpg)
TODAY’S SPEAKER
David Davis
• Video Training Author for www.Pluralsight.com, Blogger, Speaker
• CCIE, VCP, vExpert, and Former IT Manager of an enterprise datacenter
• My blog is www.VirtualizationSoftware.com
![Page 3: HOW TO SECURE AN ENTIRE HYPER-V NETWORK by Virtualization Evangelist David Davis.](https://reader036.fdocuments.in/reader036/viewer/2022062717/56649e195503460f94b05d19/html5/thumbnails/3.jpg)
WHY SECURITY IS SO IMPORTANT IN VIRTUALIZATION?
High-density Servers
larger impact if compromised
VM Sprawlinstant
provisioning, offline machines: more exposure
points
Intra-VM Trafficcreates blind spots, threats
bypass perimeter
Dynamic IT LoadsLive Migration, ever-changing security posture
![Page 4: HOW TO SECURE AN ENTIRE HYPER-V NETWORK by Virtualization Evangelist David Davis.](https://reader036.fdocuments.in/reader036/viewer/2022062717/56649e195503460f94b05d19/html5/thumbnails/4.jpg)
SECURITY IN LAYERS
The OSI stack model has seven layers:
Layer 7: Application Layer Layer 6: Presentation Layer Layer 5: Session Layer Layer 4: Transport Layer Layer 3: Network Layer Layer 2: Data Link Layer Layer 1: Physical Layer
By default, when thinking about network security, there is something of a tendency to focus on issues at Layer 3.
However, in reality, we need to look both up and down the stack to address the security risks we face today.
![Page 5: HOW TO SECURE AN ENTIRE HYPER-V NETWORK by Virtualization Evangelist David Davis.](https://reader036.fdocuments.in/reader036/viewer/2022062717/56649e195503460f94b05d19/html5/thumbnails/5.jpg)
TODAY’S NEED: ADDITIONAL LAYER OF HYPER-V PROTECTION
Multi-tenant protection
Network virtualization support
Control and protect intra-VM traffic
Stateful, deep packet inspection
Security follows VMs during Live
Migration
Granular QoS
Aggregate, analyze, audit logs
Agentless, incremental scan
Orchestrate scans
Set thresholds to avoid AV
storms
Centralized management
Proactive real-time
monitoring
Application level protection
Isolate VMs: security policies
Leverage Hyper-V Extension
Manage Risk, Improve Protection, Ensure Compliance
Additional Security and Compliance Capabilities
![Page 6: HOW TO SECURE AN ENTIRE HYPER-V NETWORK by Virtualization Evangelist David Davis.](https://reader036.fdocuments.in/reader036/viewer/2022062717/56649e195503460f94b05d19/html5/thumbnails/6.jpg)
5 BEST PRACTICES FOR SECURING HYPER-V
1. Isolate VMs with a virtual firewall
2. Use agentless anti-virus
3. Enforce compliance
4. Use intrusion detection system
5. Set up centralized management
![Page 7: HOW TO SECURE AN ENTIRE HYPER-V NETWORK by Virtualization Evangelist David Davis.](https://reader036.fdocuments.in/reader036/viewer/2022062717/56649e195503460f94b05d19/html5/thumbnails/7.jpg)
1. ISOLATE VMS WITH A VIRTUAL FIREWALL
Virtual Machine 1
Virtual Machine 2
Virtual Machine 3
Web ServersSecurity Group
DB ServersSecurityGroup
![Page 8: HOW TO SECURE AN ENTIRE HYPER-V NETWORK by Virtualization Evangelist David Davis.](https://reader036.fdocuments.in/reader036/viewer/2022062717/56649e195503460f94b05d19/html5/thumbnails/8.jpg)
2. USE AGENTLESS ANTI-VIRUS
![Page 9: HOW TO SECURE AN ENTIRE HYPER-V NETWORK by Virtualization Evangelist David Davis.](https://reader036.fdocuments.in/reader036/viewer/2022062717/56649e195503460f94b05d19/html5/thumbnails/9.jpg)
Incremental Anti-Virus Scan based on Changed Blocks Tracking (CBT)
Common Full System Anti-Virus Scan
1. Scans all the files over and over again
2. Takes from 40 MINUTES up to SEVERAL HOURS
3. Consumes valuable IOPS and Virtual Machine resources, heavy impact on host performance
1. Scans changes only2. Takes from SECONDS up
to 5-7 MINUTES3. Does not consume any
Virtual Machines resources, almost no affect on host performance
Perf
orm
ance
Perf
orm
ance
![Page 10: HOW TO SECURE AN ENTIRE HYPER-V NETWORK by Virtualization Evangelist David Davis.](https://reader036.fdocuments.in/reader036/viewer/2022062717/56649e195503460f94b05d19/html5/thumbnails/10.jpg)
Real FULL System Scans Log of Virtual Machine, Using CBT
This is what you want to see in a log after scanning Virtual Machine
Date Scanning Time
20.02.2014
25 seconds
19.02.2014
15 seconds
17.02.2014
30 seconds
18.02.2014
12 seconds!
![Page 11: HOW TO SECURE AN ENTIRE HYPER-V NETWORK by Virtualization Evangelist David Davis.](https://reader036.fdocuments.in/reader036/viewer/2022062717/56649e195503460f94b05d19/html5/thumbnails/11.jpg)
3. ENFORCE COMPLIANCE
Do regularly monitor and test networks/systems that have payment card data – IDS (Intrusion Detection System).
Do implement and enforce a company Information Security Policy.
Do install and keep up-to-date, a firewall that protects cardholder data stored within company systems – Virtual Firewall.
Do use and regularly update anti-virus software – Anti-virus with agentless capabilities.
PCI-DSS, HIPPA, Sarbanes-Oxley
![Page 12: HOW TO SECURE AN ENTIRE HYPER-V NETWORK by Virtualization Evangelist David Davis.](https://reader036.fdocuments.in/reader036/viewer/2022062717/56649e195503460f94b05d19/html5/thumbnails/12.jpg)
4. INTRUSION DETECTION
Real-time threat monitoring:
![Page 13: HOW TO SECURE AN ENTIRE HYPER-V NETWORK by Virtualization Evangelist David Davis.](https://reader036.fdocuments.in/reader036/viewer/2022062717/56649e195503460f94b05d19/html5/thumbnails/13.jpg)
5. CENTRALIZED MANAGEMENT
Management Console
Anti-Virus
Virtual Firewall IDS
![Page 14: HOW TO SECURE AN ENTIRE HYPER-V NETWORK by Virtualization Evangelist David Davis.](https://reader036.fdocuments.in/reader036/viewer/2022062717/56649e195503460f94b05d19/html5/thumbnails/14.jpg)
![Page 15: HOW TO SECURE AN ENTIRE HYPER-V NETWORK by Virtualization Evangelist David Davis.](https://reader036.fdocuments.in/reader036/viewer/2022062717/56649e195503460f94b05d19/html5/thumbnails/15.jpg)
5nine Cloud Security for Hyper-V
Agentless Anti-Virus/Anti-Malware
• Agentless: no degradation
• All versions of guest OS supported by Microsoft Hyper-V
• Fastest AV Scans available
• Orchestrate scans and set thresholds across VMs
• Staggered scanning
• Caching across VMs
• Centralized management
Agentless Intrusion Detection
• Industrial-strength
• Real-time threat monitoring
• Signature-based
• Block application-level attacks (WAF)
• Behavioral: build baseline for known attacks (WAF)
• Pro-active - detect, warn, block (WAF)
Agentless Virtual Firewall
• Isolate VMs: manage security programmatically per VM
• Control and protect inbound, outbound, intra-VM traffic
• Multi-Tenant protection and support of network virtualization
• Stateful, deep packet inspection
• Granular QoS
• Aggregate, analyze, audit logs
• Virtual Machine Security Groups
• User/Role - level access: support of Security and Auditor accounts
• Application-level protection against a wide range of exploits (WAF)
Enterprise-grade Aggregate security control
Simplified deployment
![Page 16: HOW TO SECURE AN ENTIRE HYPER-V NETWORK by Virtualization Evangelist David Davis.](https://reader036.fdocuments.in/reader036/viewer/2022062717/56649e195503460f94b05d19/html5/thumbnails/16.jpg)
• Easy-to-use, powerful multi-layered protection for Hyper-V: anti-malware, virtual firewall, network filtering, intrusion detection and more - agentless and integrated with System Center 2012 R2
• Built from ground-up for Microsoft Windows Server Hyper-V
• Certified extension for the Hyper-V Extensible Switch
Agentless deployment
Light-speed incremental scans
Inbound/outbound traffic throttling
Log, analysis, audit
Isolate, harden and secure every VM, secure intra-VM traffic
Live Migration support
Protection and compliance by VM, user, application, organizational unit
VM VM VM
Hyper-V SwitchExtension
CloudSecurity
Window Server Hyper-V Host
AV/AM
IDS
SECURING THE MODERN DATACENTER
![Page 17: HOW TO SECURE AN ENTIRE HYPER-V NETWORK by Virtualization Evangelist David Davis.](https://reader036.fdocuments.in/reader036/viewer/2022062717/56649e195503460f94b05d19/html5/thumbnails/17.jpg)
• Native: built from the ground-up for Windows Hyper-V
• Optimized for Windows Hyper-V
• Leverage Hyper-V Host vSwitch and Windows Filtering
• Agentless security approach
• Additional layer of protection and compliance
Security Built for Windows Server Hyper-V
• Integrated firewall, anti-virus/anti-malware, intrusion detection system
• Isolate and secure VMs by ID, names, org unit, user
• Support network virtualization and multi-tenant security
• Spot threats proactively
Multi-Layered Protection for Your VMs
✓
• Centralized management and control of security and compliance
• Administration of policies, rules, filters
• Log and analysis with full audit
• Powerful, yet easy-to-use
• Armed for the unexpected
Relieve Admin Headache
✓
• Lightweight agentless approach
• Maximize your consolidation ratio and density
• Won’t consume valuable Microsoft Hyper-V resources: no degradation of performance
• Supports Hyper-V 2012 R2, 2012: aligned with Hyper-V economics
Maximize Hyper-V Investment
✓✓
WHY FORWARD-THINKING COMPANIES CHOOSE 5NINE
Intensified Effort: Manage Security, Risk and Compliance
![Page 18: HOW TO SECURE AN ENTIRE HYPER-V NETWORK by Virtualization Evangelist David Davis.](https://reader036.fdocuments.in/reader036/viewer/2022062717/56649e195503460f94b05d19/html5/thumbnails/18.jpg)
QUESTIONS AND ANSWERS
Please put your questions into the chat box of GoToWebinar window:
I am joined by:Alexander Karavanov Virtualization Security Engineer5nine Software, Inc.
![Page 19: HOW TO SECURE AN ENTIRE HYPER-V NETWORK by Virtualization Evangelist David Davis.](https://reader036.fdocuments.in/reader036/viewer/2022062717/56649e195503460f94b05d19/html5/thumbnails/19.jpg)
THANK YOU FOR JOINING!Now you know how to secure an entire Hyper-V network in an optimal way.
Act now! Download your free trial of 5nine Cloud Security for Hyper-V from:
http://www.5nine.com/cloudsecurity
To request your personal product demo, please contact 5nine Software: [email protected]
+44 (20) 7048-2021 (7:00am-4:00pm GMT)