Workshop - Security in Virtualization & The Cloud

First this workshop we will introducing the elements of virtualization and cloud architecture as well as the most important attacks. Also possible threats and vulnerabilities will be presented. We will explain design questions, security-relevant processes and typical policy and
management elements, too.

Furthermore we will discuss hardening directives, (Audit) checklists, configuration aspects of the virtual infrastructure and the management access.

After this two days of intensive hands-on study you will be able to understand the virtualized world an how to make it more secure.

Agenda:

- Basic concepts and terminology
- Typical elements of and essential solutions
- Attacks overview in the virtualization itself
* Guest -> Guest
* Guest -> Host
* Attacks on Mgmt
- Attacks overview in/against the cloud (e.g. Cloudburst, Data theft,...)
- Attacks tools
- How to fuzz a Hypervisor (exercise/demo on VMware ESX)
- The "Rogue VMs" problem
- Realization of an exemplary risk assessment
- Typical policy elements when using
- Security processes (patching, change management etc.)
- General hardening steps & (audits) listen,
- Security aspects of the so called "vSwitch"
- Virtual Infrastructure and the Securityconcepts behind
- Securing the management interfaces
- Defining a role concept for a virtual world
- Commercial add-on tools: classification, presentation, demo/exercise
on VMware ESX (Blue Lane, Montego, RSA Reflex]
- Technology forecast on virtualization and the cloud

In case all participants are German speakers (and this is what we expect) the workshop will be held in German. The training material is in English though.