CIPUG Morgan King Virtualization
CIPUG Morgan King Virtualization CIPUG Morgan King Virtualization
CIP-007-3 R6Security Status Monitoring• “…monitor system events that are related tocyber security.”• Are cyber security events being logged forVMs and Hypervisor?o /var/log/vmware/webAccesso /var/log/secureo /var/log/vmware/esxcfg-firewall.log46
Virtual Machines• Dynamic nature – “VM Sprawl”o How are unauthorized virtual cyber assets prevented?• Virtual Machines should be treated no differently thanphysical machines in terms of -o Segmentationo Physical Securityo Least Privilege Accesso Security Patchedo Subject to Change control/Configuration Managemento Proper Disposal/Redeployment47
- Page 1: Morgan KingCISSP-ISSAP, CISAComplia
- Page 6 and 7: History• Virtualization technolog
- Page 8 and 9: What is Virtualization?• Abstract
- Page 10 and 11: Hypervisor Type 2 - Hosted• Requi
- Page 12 and 13: Platform Players• VMware - vSpher
- Page 14 and 15: Benefits• Server consolidation/ut
- Page 16 and 17: Complexity• Server Virtualization
- Page 18 and 19: CIP-002-3 R3Critical Cyber Asset Id
- Page 20 and 21: Is Hypervisor in-scope?• Any Hype
- Page 22 and 23: Mixed-Mode• Configuration where b
- Page 24 and 25: 1 Hypervisor - 3 Physical NICs5 Vir
- Page 26 and 27: CIP-007-3 R2Ports and Services•
- Page 28 and 29: 28~# esxcli network ip connection l
- Page 30 and 31: CIP-007-3 R3Security Patch Manageme
- Page 32 and 33: 32Hypervisor patches
- Page 34 and 35: 34Virtual Machine installed securit
- Page 36 and 37: 36VMware vShield Endpoint
- Page 38 and 39: 38Privileged Service Console Access
- Page 40 and 41: CIP-007-3 R5.2.2Shared accounts40
- Page 42 and 43: 42Are specific roles are defined?
- Page 44 and 45: CIP-007-3 R5.3Password enforcement4
- Page 48 and 49: 48Virtual Machines and Templates
- Page 50 and 51: Attack Vectors• VM Escape• Hype
- Page 52 and 53: 52http/https running as who?
- Page 54 and 55: Sum it up!• CIP Standards apply t
- Page 56 and 57: References56• http://history.cs.n
CIP-007-3 R6Security Status Monitoring• “…monitor system events that are related tocyber security.”• Are cyber security events being logged forVMs and Hypervisor?o /var/log/vmware/webAccesso /var/log/secureo /var/log/vmware/esxcfg-firewall.log46
Change language