Presentation on theme: "Intro to Virtualization"— Presentation transcript:
1Intro to Virtualization Talk about the increasing move to the cloudAddress how more organizations are increasing relliance on cloud providers in many capacitiesWhat the cloud really means? Nothing- it's the freaking internetWhat is the main difference?Relying on someone else is nice, less overhead, pay experts to do “their job”No need to worry about hardware failureLess control over physical accessPhil GrimesCoach / MentorSecurity Consultant
2What is a Virtual Machine? Computer within a computerIt's there, but it's notLogically looks like physical machineMemory (RAM)Ethernet ConnectionStorage (Hard disks)Other components?The cloud is something to embraceComes w/ risk like anythingIt's happening now and has no indication of slowingFinancial Institutions, Health Care, GovernmentOutsourcing and CompartmentalizingProviders take the time to implement a secure infrastructure and that client's data and applications are protected from unauthorized accessSeveral areas of focus which help achieve this goalClients Responsibility to ensure provider has taken proper security countermeasures to protect their data
3Level the Playing Field Host operating system (host OS)The operating system of the physical computer on which the virtual machine was installed.Guest operating system (guest OS)The operating system running inside the virtual machine.SnapshotA snapshot is a copy of the virtual machine’s current state.Multiple snapshots can be saved to go back to at any given time.ImageThe actual virtual machineProvider should be willing to show detailed information on security programsPoliciesRisk Management/Control
4VM Advantages1. Privileged user access. Sensitive data processed outside the enterprise brings with it an inherent level of risk, because outsourced services bypass the "physical, logical and personnel controls" IT shops exert over in-house programs. Get as much information as you can about the people who manage your data. "Ask providers to supply specific information on the hiring and oversight of privileged administrators, and the controls over their access," Gartner says.2. Regulatory compliance. Customers are ultimately responsible for the security and integrity of their own data, even when it is held by a service provider. Traditional service providers are subjected to external audits and security certifications. Cloud computing providers who refuse to undergo this scrutiny are "signaling that customers can only use them for the most trivial functions," according to Gartner.3. Data location. When you use the cloud, you probably won't know exactly where your data is hosted. In fact, you might not even know what country it will be stored in. Ask providers if they will commit to storing and processing data in specific jurisdictions, and whether they will make a contractual commitment to obey local privacy requirements on behalf of their customers, Gartner advises.4. Data segregation. Data in the cloud is typically in a shared environment alongside data from other customers. Encryption is effective but isn't a cure-all. "Find out what is done to segregate data at rest," Gartner advises. The cloud provider should provide evidence that encryption schemes were designed and tested by experienced specialists. "Encryption accidents can make data totally unusable, and even normal encryption can complicate availability," Gartner says.5. Recovery. Even if you don't know where your data is, a cloud provider should tell you what will happen to your data and service in case of a disaster. "Any offering that does not replicate the data and application infrastructure across multiple sites is vulnerable to a total failure," Gartner says. Ask your provider if it has "the ability to do a complete restoration, and how long it will take."6. Investigative support. Investigating inappropriate or illegal activity may be impossible in cloud computing, Gartner warns. "Cloud services are especially difficult to investigate, because logging and data for multiple customers may be co-located and may also be spread across an ever- changing set of hosts and data centers. If you cannot get a contractual commitment to support specific forms of investigation, along with evidence that the vendor has already successfully supported such activities, then your only safe assumption is that investigation and discovery requests will be impossible."7. Long-term viability. Ideally, your cloud computing provider will never go broke or get acquired and swallowed up by a larger company. But you must be sure your data will remain available even after such an event. "Ask potential providers how you would get your data back and if it would be in a format that you could import into a replacement application," Gartner says.
5Flexibility Travel back and forward in virtual machine time Run multiple operating systems (OS) and applications on one physical machine at the same timeIndependent of hardware or software underneath the VMRun legacy applications without having to changes current OS settings
6Scalability & Portability Multiple VMs can reside on one physical machineEasily transported from one machine to another
7CostLess expensive than buying multiple machines (less hardware to purchase)Less power/electricity than having more physical machinesSave time testing new software without it affecting your current configurations
9Requirements are a must Purpose of the machineHow many users will need to be accommodated (now and in the future)Types of demands users will be placing on the machine (now and in the future)
10Performance, Resources, & Failure (oh my!) Performance might be degraded if necessary hardware has not been allocatedRunning VMs simultaneously requires more hardware resourcesSingle point of failureIf host machine fails, all VMs residing on that machine fail
11Tools of the GameMany tools exist to create and run virtual machines, however, CyberPatriot VI will use VmwareVMware playerA free product that will allow you to run virtual images on your computer
12How to Get VMWareTo obtain a copy of the VMware player software, follow these steps:1. Open a web browser and type into the location bar.2. Click on the “Download” button on the VMware Player home page.3. Scroll down and under ‘Product Downloads’ you will see “VMPlayer x.x.x”.Click on the “Download” button. This will take you to a registration page.
13How to Get VMWare (con't) Register for an account (if you have an existing account, please login and go to step 11)4. You must register for a free VMware account with a valid address in order to download the VMware player software.5. After you register for a free VMware account, check your for the registration confirmation from VMware.6. Inside your registration confirmation from VMware there is a link to download VMware products7. Click on the link or copy and paste the URL into a web browser.
14How to Get VMWare (con't) 8. Enter your password for the account you created. A new account much be activated before downloading products.9. Once you have logged in you will be taken to another web page asking you to “Access Your to Activate and Access Your Free Download.”10. Go back to the account you used to register for your VMware account and check for a message from “The VMware Team”. Inside that message will be a link “Download VMware Player”. Click on that link to go to the VMware Player Free Product Download page.
15How to Get VMWare (con't) Continue following these steps11. Under the “Binaries” section look for “VMware Player for 32-bit and 64-bit Windows” – this should be the first entry. Click on the “Start Download Manager” button to the right of the description.
16How to Get VMWare (con't) Continue following these steps12. You will be prompted to save the file and your VMware Player installer should begin to download.13. Once the installer has finished downloading, double-click it to begin the installation.14. Follow the instruction prompts to install VMware Player and be sure to reboot your system when prompted at the end of the installation.NOTE: These instructions apply only to computers running a Windows operating system such as Vista, Windows 7, Windows XP, etc. If you are using a Linux-based system you will need a different version of the VMware software. If you are using a Macintosh you will need additional software, such as Fusion, as there is no VMware Player software available for Macintosh systems. These instructions also assume there are no VMware products already installed on the system you are using.
17VMWare ImageWhen you create or download a VMware image you may notice there are several files associated with that image. DO NOT make any changes to these files unless specifically instructed to do so. Modifying these files can severely impact the performance of your virtual image and may render it inoperable.Some of the file types you will see associated with a VMware image are*.vmdk:Simulated hard drive for your virtual system. There may be one or more of these files associated with your virtual image as VMware allows you to split a single virtual disk into multiple 2GB files.*.vmx:These files contain details such as the type of hardware to simulate for the virtual system, the amount of memory to allow the virtual machine to use, and so on.*.nvram:This file stores the state of the virtual machine's BIOS.
18VMWare Image (con't)CyberPatriot training and competitions require downloading of VMware images.It is extremely important that you verify you have a “clean” download.You may do this by matching the checksum of the file you downloaded with the checksum displayed on the web page where you downloaded the CyberPatriot image.A checksum is a mathematical calculation based on the data contained in a file – matching checksums allows you to determine if a file has been corrupted or modified from its original state. If the checksum of the file you downloaded does not match the checksum displayed on the web page where you downloaded the file you must download the image again.VMware also hosts a Virtual Appliance Marketplace atOver 1,000 pre-built VMware images containing everything from different operating systems to demonstrations of security and network management products are available to download.CyberPatriot is in no way affiliated with the Virtual Application Marketplace or any of the content made available through the marketplace. Users download and use the virtual appliances at their own risk.
20Open VMWare ImageTo launch VMware Player and browse for a virtual image, follow these steps:Start the Player Start- >VMware->VMware Player from your Windows Start menuThe dialog box will appear. Click on “Open a Virtual Machine”.
21Open VMWare Image (con't) This will take you back to the main VMware Player screen. Select the image name on the left, then click ‘Play virtual machine’
22Open VMWare Image (con't) Browse to the directory where you’ve downloaded or unzipped a virtual image. Click to select the .vmx file associated with the virtual image you wish to start and click the “Open” button
23Open VMWare Image (con't) If this is the first time you’ve started the VMware image a dialog box (see below) will Appear. Select ‘I copied it’, then Click ‘OK’ to continue.
24Open VMWare Image (con't) The next screen you may see will a list removable devices that can be associated with and accessed by the virtual image. Click “OK” to continue.
25Open VMWare Image (con't) When the virtual image has finished booting, you will see a login screen or welcome screen just as you would on a physical computer loaded with the same operating system that is running inside your virtual image. For example, a virtual image running Windows XP.
26Homework Download VMware images from the CyberPatriot website Windows XP workstationWindows 2003 serverStop doing stupid awareness, only teach awareness for laptop prevention. Teach them to be netcops instead.Read the posts on SoS for more reference.
27Independent Study Suggested components to research Windows Registry XP based Windows Recovery ConsoleXP based System Restore Vista and 7 based Restore GuideWindows XP workstation Windows 2003 serverbased Restore GuideSVCHOST.EXE Hiding filesWindows Forensics XP FirewallVista/7 God Mode Safe ModeAutomatic Updates Program Startup LocationsSysinternalsStop doing stupid awareness, only teach awareness for laptop prevention. Teach them to be netcops instead.Read the posts on SoS for more reference.