Welcome Kevin Wharram, CISSP, CISM, CEH, EnCE, GCFA, 27001 Lead Auditor Member of the ISACA Security Advisory Group at ISACA London Chapter My interests are in – Forensics, Virtualization and Cloud Security
Agenda
What is Virtualization? Virtualization is the creation of a virtual (rather than actual) version of something, such as an operating system (OS), a server, a storage device or network resource. Source -  http://en.wikipedia.org/wiki/Virtualization
What is Virtualization cont.
History of Virtualization
Types of Virtualization
Server Virtualization
What is Server Virtualization?
Server Virtualization Analogy Hotel VS Holiday Home
Copyright © 2004 VMware, Inc. All rights reserved. Traditional Server Server without Virtualization Holiday Home
Virtualized Server Hotel Server with Virtualization
Desktop Virtualization
What is Desktop Virtualization?
What is Desktop Virtualization cont.
Application Virtualization
What is Application Virtualization?
Network Virtualization
What is Network Virtualization?
Physical Network
VMware Virtual Network
Storage Virtualization
What is Storage Virtualization?
Virtualization Security
Industry Comments
ESG Research indicates that security professionals lack virtualization knowledge and best practice models for server virtualization security.
Gartner survey: “40% of virtualization deployment projects were undertaken without involving the information security team in the initial architecture and planning stages.”
Gartner analyst Neil MacDonald wrote: “Virtualization is not inherently insecure. However, most virtualized workloads are being deployed insecurely.”
Virtualization Security Benefits
Virtualization Security Issues
VMware vSphere Security
Virtualization Compliance
Compliance Issues
Controls Policies & Compliance Processes & Standards Compliance Pyramid
Cloud Computing
What is Cloud Computing? Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. Source -  http://www.nist.gov/itl/cloud/index.cfm
Types of Cloud Computing
What is a Private Cloud?
Private Cloud Security
Most of the virtualization controls that we spoke about earlier would apply to the Private Cloud, as you control the “Private Cloud.”
Controls Organisation Due-Diligence Processes & Standards Compliance Pyramid
Resources
NIST guide to Security for Full Virtualization Technologies: http://csrc.nist.gov/publications/nistpubs/800-125/SP800-125-final.pdf
VMware hardening guides: http://blogs.vmware.com/security/2010/04/vsphere-40-hardening-guide-released.html
Cloud Security Alliance: http://www.cloudsecurityalliance.org/
NIST Definition of Cloud Computing: http://www.nist.gov/itl/cloud/index.cfm
Center for Internet Security (CIS) Benchmarks on Server Virtualization: http://cisecurity.org/en-us/?route=downloads.benchmarks
Defense Information System Agency (DISA): http://iase.disa.mil/stigs/index.html
Questions? Kevin Wharram [email_address]

Kevin wharram


Editor's notes

  1.   
  2.   
  3. 03/05/11 Integrated Solutions Management, Inc. Enterprise Governance in a Virtual World
  4. Virtual Desktop Infrastructure (VDI)
  5. Previously, it made a lot of sense to dedicate a separate physical server to each specific application. By isolating applications on dedicated hardware, you could limit their exposure to potential security threats – and when security failures did happen, you could limit them to a single machine. By dedicating a physical computer and its operating system to a single application, IT departments maintain greater protection against attackers, who have to find another way in. Virtualization platforms have made it far easier and much faster to create and deploy servers and applications than was possible when physical limitations governed system rollouts.