Security in Virtualization & The Cloud

From March 8, 2010 to March 9, 2010

First this workshop we will introducing the elements of virtualization and cloud architecture as well as the most important attacks. Also possible threats and vulnerabilities will be presented. We will explain design questions, security-relevant processes and typical policy and management elements, too.

Furthermore we will discuss hardening directives, (Audit) checklists, configuration aspects of the virtual infrastructure and the management access.

After this two days of intensive hands-on study you will be able to understand the virtualized world an how to make it more secure.

Agenda:

Basic concepts and terminology Typical elements of and essential solutions Attacks overview in the virtualization itself * Guest -> Guest * Guest -> Host * Attacks on Mgmt

Attacks overview in/against the cloud (e.g. Cloudburst, Data theft,…)
Attacks tools
How to fuzz a Hypervisor (exercise/demo on VMware ESX)
The “Rogue VMs” problem
Realization of an exemplary risk assessment
Typical policy elements when using
Security processes (patching, change management etc.)
General hardening steps & (audits) listen
Security aspects of the so called “vSwitch”
Virtual Infrastructure and the Securityconcepts behind
Securing the management interfaces
Defining a role concept for a virtual world
Commercial add-on tools: classification, presentation, demo/exercise on VMware ESX (Blue Lane, Montego, RSA Reflex]
Technology forecast on virtualization and the cloud

In case all participants are German speakers (and this is what we expect) the workshop will be held in German. The training material is in English though.