Cloud & Virtualization Security
Trend Micro Special Edition
by Daniel Reis
These materials are the copyright of John Wiley & Sons, Inc. and any
dissemination, distribution, or unauthorized use is strictly prohibited.
Cloud & Virtualization Security For Dummies, Trend Micro Special Edition
Published by
John Wiley & Sons, Inc.
111 River St.
Hoboken, NJ 07030-5774
www.wiley.com
Copyright 2013 by John Wiley & Sons, Inc., Hoboken, New Jersey
No part of this publication may be reproduced, stored in a retrieval system or transmitted in any
form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise,
except as permitted under Sections 107 or 108 of the 1976 United States Copyright Act, without the
prior written permission of the Publisher. Requests to the Publisher for permission should be
addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ
07030, (201) 748-6011, fax (201) 748-6008, or online at http://www.wiley.com/go/permissions.
Trademarks: Wiley, For Dummies, the Dummies Man logo, The Dummies Way, Dummies.com,
Making Everything Easier, and related trade dress are trademarks or registered trademarks of John
Wiley & Sons, Inc. and/or its affiliates in the United States and other countries, and may not be used
without written permission. Trend Micro, Smart Protection Network, Trend Micro Deep Security, and
the Trend Micro logo are trademarks or registered trademarks of Trend Micro Incorporated. All other
trademarks are the property of their respective owners. John Wiley & Sons, Inc., is not associated with
any product or vendor mentioned in this book.
LIMIT OF LIABILITY/DISCLAIMER OF WARRANTY: THE PUBLISHER AND THE AUTHOR MAKE NO
REPRESENTATIONS OR WARRANTIES WITH RESPECT TO THE ACCURACY OR COMPLETENESS
OF THE CONTENTS OF THIS WORK AND SPECIFICALLY DISCLAIM ALL WARRANTIES, INCLUDING
WITHOUT LIMITATION WARRANTIES OF FITNESS FOR A PARTICULAR PURPOSE. NO WARRANTY MAY BE CREATED OR EXTENDED BY SALES OR PROMOTIONAL MATERIALS. THE ADVICE
AND STRATEGIES CONTAINED HEREIN MAY NOT BE SUITABLE FOR EVERY SITUATION. THIS
WORK IS SOLD WITH THE UNDERSTANDING THAT THE PUBLISHER IS NOT ENGAGED IN RENDERING LEGAL, ACCOUNTING, OR OTHER PROFESSIONAL SERVICES. IF PROFESSIONAL ASSISTANCE IS REQUIRED, THE SERVICES OF A COMPETENT PROFESSIONAL PERSON SHOULD BE
SOUGHT. NEITHER THE PUBLISHER NOR THE AUTHOR SHALL BE LIABLE FOR DAMAGES ARISING HEREFROM. THE FACT THAT AN ORGANIZATION OR WEBSITE IS REFERRED TO IN THIS
WORK AS A CITATION AND/OR A POTENTIAL SOURCE OF FURTHER INFORMATION DOES NOT
MEAN THAT THE AUTHOR OR THE PUBLISHER ENDORSES THE INFORMATION THE ORGANIZATION OR WEBSITE MAY PROVIDE OR RECOMMENDATIONS IT MAY MAKE. FURTHER, READERS
SHOULD BE AWARE THAT INTERNET WEBSITES LISTED IN THIS WORK MAY HAVE CHANGED
OR DISAPPEARED BETWEEN WHEN THIS WORK WAS WRITTEN AND WHEN IT IS READ.
For general information on our other products and services, or how to create a custom For Dummies
book for your business or organization, please contact our Business Development Department in
the U.S. at 877-409-4177, contact info@dummies.biz, or visit www.wiley.com/go/custompub.
For information about licensing the For Dummies brand for products or services, contact
BrandedRights&Licenses@Wiley.com.
ISBN 978-1-118-73194-9 (pbk); ISBN 978-1-118-73192-5 (ebk)
Manufactured in the United States of America
10 9 8 7 6 5 4 3 2 1
Publisher's Acknowledgments
Some of the people who helped bring this book to market include the following:
Acquisitions, Editorial, and Vertical Websites
Development Editor: Lawrence C. Miller
Project Editor: Jennifer Bingham
Editorial Manager: Rev Mengle
Business Development Representative:
Kimberley Schumacker
Custom Publishing Project Specialist: Michael Sullivan
Composition Services
Senior Project Coordinator: Kristie Rees
Layout and Graphics: Carrie A. Cesavice,
Jennifer Goldsmith, Andrea Hornberger
Proofreader: Lindsay Amones
Special Help from Trend Micro: Paula Rhea,
Monica Niemann
Business Development
Lisa Coleman, Director, New Market
and Brand Development
Table of Contents
Introduction .......................................................... 1
About This Book ..................................................... 2
Foolish Assumptions ................................................. 2
How This Book Is Organized .......................................... 3
Icons Used in This Book ............................................. 3
Where to Go from Here ............................................... 4
Introduction
Foolish Assumptions
First, I assume that you know a little something about server
and desktop virtualization, and perhaps a thing or two about
security as well. This book is written primarily for technical
readers who are evaluating security solutions for a virtual
or mixed physical and virtual environment.
Although many of the terms and concepts presented in this
book apply to virtualization technology in general, I assume
that you're primarily interested in virtualization solutions
from VMware, Microsoft, and Citrix, and therefore focus on
these solutions, with my apologies to IBM, Oracle, and the
many other virtualization solutions available today.
Finally, I assume that most organizations have already attempted
to secure their virtual systems using the same tools, in pretty
much the same way, as they did on their physical systems.
Many IT professionals mistakenly assume that virtual systems
are essentially the same, or have similar-enough operating
characteristics, as physical machines, so they end up implementing their existing security and management tools in their
new virtual environments with disappointing or even catastrophic results.
Chapter 1
Exploring Virtual Environments
In This Chapter
Defining virtualization
Recognizing the benefits of virtualization
Understanding the business security challenges of virtualization
Working with cloud and virtualization
What Is Virtualization?
Virtualization technology simulates physical computing
resources, such as servers and desktop computers, in a
virtual environment. Figure 1-1 depicts a simplified virtual
environment. The virtual infrastructure software platform, also
known as virtualization software, is a virtualization layer
installed on a physical server. Examples of virtualization software include VMware vSphere, Microsoft Hyper-V, and Citrix
XenServer, among others.
In a virtual environment, each VM runs as an individual dedicated session for the specific application(s) running on that
VM. Each VM session runs exactly as it would on a dedicated
physical machine, assuming adequate resources are allocated
to run its OS and application(s). The hypervisor enables
multiple VM sessions to operate alongside each other on the
virtual infrastructure that hosts those sessions, which allows
for higher utilization and more efficient allocation of physical
host machine resources.
Agility
Agility is one of the many benefits of virtualization. New VMs
can be quickly provisioned, removed, or put into a dormant
state. But the speed and ease with which these tasks are
performed can increase exposure to various security issues.
Important questions to consider include
Are new VMs deployed using an approved security
profile and in accordance with established policies?
Is the correct OS version installed and patched when
deploying new VMs?
Are adequate resources available for new VMs deployed
on a host machine?
Is a capacity analysis conducted prior to deploying new
VMs on a host machine?
How does a new VM impact the performance and security of other VMs on the host machine?
Are dormant VMs regularly scanned for known vulnerabilities and are security patches installed and current?
Are retired VMs properly removed from the virtual
infrastructure?
How is data that was previously associated with a retired
VM handled?
Although many of the preceding questions are also relevant
in physical environments, the speed with which VMs can be
deployed, brought online, and retired, as well as the constant
pressure for IT to be flexible and responsive to the needs
of the business, can create a culture of speed that forgoes
Regulatory compliance
Driven by the need to protect the private data (such as personally identifiable information, financial data, and health
records) of individual citizens from cybercriminals and identity thieves, governments throughout the world and at every
level have caught the regulatory bug. Information security
best practices are rapidly being codified with legal mandates
that seek to ensure that corporate governance, internal controls, business processes, and operations of organizations in
various industries are safe, sound, and secure.
With more than 400 regulations and over 10,000 overlapping
controls in more than 50 countries worldwide, compliance
has become a challenging and complex mandate for every
organization.
These regulations often require specific controls, corporate
compliance programs, audits, and public disclosures, and levy
stiff penalties for noncompliance. Some of the more significant
information and data security regulations include:
FISMA (Federal Information Security Act): Applicable
to U.S. Government agencies and contractors. Requires
implementation of information security processes in
accordance with FIPS (Federal Information Processing
Standards) and NIST (National Institute of Standards and
Technology) guidance.
HIPAA (Healthcare Insurance Portability and
Accountability Act): Security and Privacy Rules apply to
covered entities and their business associates in the
healthcare industry.
HITECH (Health Information Technology for Economic and
Clinical Health Act): Provides funding for electronic health
records (EHR) and safe harbor from disclosure requirements
for breached data that is encrypted, among other things.
PCI DSS (Payment Card Industry Data Security Standard):
An industry mandate that establishes information security
requirements for organizations that process payment card
transactions (such as credit and debit cards).
SOX (Sarbanes-Oxley): Publicly traded companies must
implement a framework of computer controls. Several
mandates can't be accomplished without prudent use of
technology and information security.
Virtual machines (VMs) with different trust levels (for
example, inward- and outward-facing applications,
and different security policies) existing on the same
physical host
Lack of separation of duties between system administrators that all need access to the virtual environments
Patching and updating of dormant VMs
Sensitive data contained in VM images and snapshots
Insufficient logging and monitoring in the virtual
environment
Data leakage between virtual network segments and
components
Although the differences between physical and virtual environments may seem obvious, knowing the specifics is crucial
to the proper assessment and architecting of security solutions that you implement in your virtual environment. In
Chapter 2, I explain some of the specific technical security
challenges in a virtual environment.
Chapter 2
Security tools designed for physical systems have limitations that restrict their effectiveness in virtual environments. These limitations may also reduce or eliminate many
of the benefits of virtualization when security tools designed
for physical systems are redeployed or repurposed in virtual
environments. In this chapter, I explain these challenges and
how they negatively impact virtual server environments, as
well as how virtual-aware security solutions can help you
address these challenges.
Inter-VM communications
Deploying a virtual environment doesn't change the way you
should architect your system environment. As in a physical environment, your private or inward-facing systems and
applications should be separate from your public or outward-facing systems and applications. Always avoid putting inward- and outward-facing systems and applications on the same
physical hardware. Mixing inward-facing (for example, a company payroll system) and outward-facing (for example, a web
application for partners) applications may needlessly expose
internal applications that contain sensitive internal information to the outside world. An outward-facing VM provides a
doorway to all other VMs on the same host machine via the
hypervisor (see Figure 2-1).
According to industry research, as many as 70 percent of all
VMs are outward-facing, which means there is a high probability that at least one application running on your VM host
machines is being accessed by users you don't know or trust,
and can't control.
Resource utilization
Another major benefit of virtualization technology is that
it maximizes the efficient use of physical server resources.
Many typical server applications utilize as little as 5 percent
of a CPUs total capacity and only 30 to 40 percent of the
available memory in a physical server.
Given this level of underutilization and the excess capacity
that's available on physical servers, traditional security software running on dedicated server hardware normally has all
the CPU, memory, and I/O resources that it needs to perform
By comparison, a physical host machine in a virtual environment will tend to have much higher average utilization of its
computing resources. In a virtualized environment, the hypervisor (see Chapter 1) manages the allocation of the physical
host machine's resources among all the VMs running on that
host machine. But no matter how large the physical server
that may be deployed to run this virtual ecosystem, there
is still a fixed amount of hardware resources, such as CPU,
memory, and I/O.
Security software that is designed for physical systems isn't
virtual aware. That means it has no mechanism to tell that it's
installed in a virtualized environment, where it has to share
server resources among many VMs on the same physical host
machine. Although a hypervisor is designed to handle spikes
in resource demand, when the traditional security software
is running in a virtual environment it can cause problems for
all the VMs deployed on a physical host. For example, if you
have several VMs installed on a single physical host with each
VM running a traditional antimalware security agent, a single
triggered event may cause all the VMs to simultaneously run
a full system scan. This can immediately deplete the available
system resources on the physical host and cripple the performance of the hosted applications.
Figure 2-3 depicts traditional agent-based antivirus/antimalware security software designed for a physical system, but
deployed in a virtual environment. As in the physical deployment model, the installed security agents will scan individual
files for threats on each VM, and perform periodic partial or
complete scans of each VM's system, applications, and files.
The individual security agents will also regularly communicate with an external site to get updates to their threat information, which can bring the physical host system and the
network to a crawl.
These resource-contention issues can force IT organizations
to implement less-than-ideal practices, such as overallocating resources to account for dynamic, spiky security activities and scans to ensure your virtualized applications have
acceptable levels of performance. Unfortunately, having to
account for the intermittent nature of these security agents
can significantly reduce the number of VMs you can install on
a host platform.
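As an added illustration (not code from the book or from Trend Micro), the simulation below models the scan storm just described: one physical host whose VMs all begin a full scan at the same moment, compared with the same host under a per-host cap on concurrent scans of the kind a virtual-aware solution enforces. The host capacity and scan-cost figures are constructed; the hypervisor is modelled as sharing CPU proportionally when demand exceeds capacity.

```python
"""Model of an antimalware 'scan storm' on a single virtualization host.

Added example; the HostModel figures are constructed, not measured.
"""
from dataclasses import dataclass
from fractions import Fraction


@dataclass(frozen=True)
class HostModel:
    capacity: int    # CPU units the physical host can deliver per tick
    app_demand: int  # steady CPU demand of the hosted application VMs per tick
    scan_rate: int   # CPU units one full scan wants per tick when not throttled
    scan_work: int   # total CPU units one full scan must consume to complete


def simulate(host: HostModel, vm_count: int, max_concurrent: int,
             max_ticks: int = 100_000) -> tuple[int, Fraction]:
    """Tick-by-tick model of vm_count security agents scanning on one host.

    Every VM with scan work left wants to run; at most max_concurrent scans
    are admitted per tick. When total demand exceeds host capacity the
    hypervisor shares CPU proportionally, so scans and applications slow
    down by the same factor (the application slowdown is what users see).

    Returns (ticks_until_all_scans_finish, worst_app_share): worst_app_share
    is the smallest fraction of its demand the application workload received
    in any tick, so 1 means applications were never slowed.
    """
    remaining = [Fraction(host.scan_work)] * vm_count  # work left per VM
    worst_share = Fraction(1)
    for tick in range(1, max_ticks + 1):
        running = [i for i, left in enumerate(remaining) if left > 0][:max_concurrent]
        if not running:
            return tick - 1, worst_share
        demand = Fraction(host.app_demand + host.scan_rate * len(running))
        # Proportional share: 1 when the host keeps up, <1 when oversubscribed.
        share = min(Fraction(1), Fraction(host.capacity) / demand)
        worst_share = min(worst_share, share)
        for i in running:
            remaining[i] -= host.scan_rate * share
    raise RuntimeError("scans did not complete within max_ticks")


def compare(host: HostModel, vm_count: int, cap: int) -> dict[str, tuple[int, Fraction]]:
    """Storm (every agent fires at once) versus a per-host concurrency cap."""
    return {
        "storm": simulate(host, vm_count, vm_count),
        "capped": simulate(host, vm_count, cap),
    }


# Constructed host: 16 CPU units, applications need 8, each scan wants 2.
HOST = HostModel(capacity=16, app_demand=8, scan_rate=2, scan_work=20)

if __name__ == "__main__":
    for name, (ticks, share) in compare(HOST, vm_count=8, cap=2).items():
        print(f"{name:>7}: all scans done after {ticks} ticks, "
              f"applications kept at worst {float(share):.0%} of their demand")
```

The storm finishes its scans sooner but cuts every application on the host to two thirds of its demand for the whole period; the capped policy takes longer to complete the scans yet never slows the applications, which is the trade-off the overallocation practice above tries to paper over.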
Dormant VMs
Dormant servers (that is, servers that have been powered
off or have otherwise been inactive for extended periods of
time) present security challenges in any data center environment, whether physical or virtual. Dormant servers (or
dormant VMs in a virtual environment) tend to get overlooked
when operating system updates, security patches, and threat
updates or signature files are applied to systems as part of
a regular maintenance cycle. When these dormant servers
are powered on and placed in service, they're more likely to
be vulnerable to threats that have previously been patched
or updated on other production systems. Thus, a dormant
server can put your entire data center at risk by providing a
compromised point of entry into your network.
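The following inventory audit is an added example (not from the book or from any Trend Micro product) that checks for the two conditions described in the Inter-VM communications and Dormant VMs sections: hosts that mix inward- and outward-facing VMs, and powered-off VMs that missed patch baselines while dormant, with a power-on gate that refuses to place a stale VM in service. The inventory, baseline dates and the 30-day dormancy threshold are constructed.

```python
"""Audit a virtual inventory for mixed-trust hosts and stale dormant VMs.

Added example with a constructed inventory; the VM record layout and the
30-day dormancy threshold are assumptions, not a product's data model.
"""
from __future__ import annotations

from dataclasses import dataclass
from datetime import date, timedelta


@dataclass(frozen=True)
class VM:
    name: str
    host: str            # physical host the VM currently resides on
    facing: str          # "inward" (internal users only) or "outward" (reachable by outsiders)
    powered_on: bool
    last_seen_on: date   # last day the VM was running, i.e. its last chance to be patched
    patch_level: date    # release date of the newest patch baseline applied to it


def mixed_trust_hosts(vms: list[VM]) -> list[str]:
    """Hosts carrying both inward- and outward-facing VMs (the Figure 2-1 risk)."""
    facings: dict[str, set[str]] = {}
    for vm in vms:
        facings.setdefault(vm.host, set()).add(vm.facing)
    return sorted(host for host, kinds in facings.items() if len(kinds) > 1)


def missed_baselines(vm: VM, baselines: list[date]) -> list[date]:
    """Patch baselines released after the VM's current patch level, oldest first."""
    return sorted(b for b in baselines if b > vm.patch_level)


def stale_dormant_vms(vms: list[VM], baselines: list[date], today: date,
                      dormant_after: timedelta = timedelta(days=30)) -> dict[str, int]:
    """Powered-off VMs dormant for at least dormant_after that missed baselines.

    Returns {vm_name: number_of_missed_baselines}. VMs that are running are
    skipped here because the regular maintenance cycle already reaches them.
    """
    stale: dict[str, int] = {}
    for vm in vms:
        if vm.powered_on or today - vm.last_seen_on < dormant_after:
            continue
        missed = missed_baselines(vm, baselines)
        if missed:
            stale[vm.name] = len(missed)
    return stale


def power_on_gate(vm: VM, baselines: list[date]) -> tuple[bool, str]:
    """Decide whether a VM may be placed in service: it must be at the latest baseline."""
    if not baselines:
        return True, f"{vm.name}: no baselines defined"
    missed = missed_baselines(vm, baselines)
    if missed:
        return False, (f"{vm.name}: {len(missed)} baseline(s) missing since "
                       f"{missed[0].isoformat()}; scan and patch before placing in service")
    return True, f"{vm.name}: at current baseline {max(baselines).isoformat()}"


# Constructed sample inventory and baseline schedule.
BASELINES = [date(2013, 1, 8), date(2013, 2, 12), date(2013, 3, 12)]
TODAY = date(2013, 3, 20)
INVENTORY = [
    VM("payroll", "host-a", "inward", True, date(2013, 3, 19), date(2013, 3, 12)),
    VM("partner-web", "host-a", "outward", True, date(2013, 3, 19), date(2013, 3, 12)),
    VM("intranet", "host-b", "inward", True, date(2013, 3, 19), date(2013, 3, 12)),
    VM("archive-db", "host-b", "inward", False, date(2013, 1, 10), date(2013, 1, 8)),
    VM("dev-test", "host-c", "inward", False, date(2013, 3, 15), date(2013, 2, 12)),
]

if __name__ == "__main__":
    print("mixed-trust hosts:", mixed_trust_hosts(INVENTORY))
    print("stale dormant VMs:", stale_dormant_vms(INVENTORY, BASELINES, TODAY))
    for vm in INVENTORY:
        print(power_on_gate(vm, BASELINES)[1])
```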
In a physical server environment, dormant servers are
usually less prevalent than in virtual environments. Many
IT organizations lack the management tools to easily power
VM migrations
Another important capability in virtual environments is the
ability to move VMs between physical hosts, in order to
dynamically manage server resources or loads, or for disaster
recovery purposes. A VM can move from one physical host
to another in the same data center, or to other data centers
located throughout the world.
How do you ensure that appropriate security policies
are applied to individual VMs as they move from one
physical host or data center to another?
What happens when a VM moves to a physical host
machine with a different level of security protection?
How do you protect a VM while it is migrating from one
physical host to another?
Traditional firewalls and IDSs/IPSs are installed on physical
network segments, and therefore can't adequately protect
VMs as they migrate from one physical host to another or
from one data center to another.
Having a sticky security solution (one that moves with a particular VM) that's either agent-based or agentless enables you
to have different security settings for each VM in your virtual
environment, regardless of the physical host machine that a
particular VM is located on at any given time.
Chapter 3
Understanding Virtual Desktop Infrastructure (VDI) Security
In This Chapter
Recognizing issues with traditional security products in VDI
deployments
Chapter 4
Protecting Against Global Threats
Today's threats come from every corner of the globe. Your
organization needs to deploy security solutions that have
the ability to effectively respond to threats no matter where
they originate. A comprehensive security solution must
have a global reach that can gather threat information from
Increased volume
Today, more than 1,500 variants of malware threats are discovered every hour. This means that signature and pattern
files for traditional antimalware software that is regularly
updated can't possibly keep up, and servers and endpoints are
increasingly at risk.
No matter what type of security system you use to protect
your physical or virtual computing platforms, if those systems
can't obtain timely information regarding new threats, your
entire computing environment will be at risk.
Much of the increased volume of malware comes from low-skill hackers (known as script kiddies) who actually buy or
rent ready-made malware kits, such as virus source code and
botnets, to jumpstart the creation of malware variants or to
quickly launch brute force attacks against networks.
Greater sophistication
The sophistication of modern threats has also increased.
Malware threats can now be targeted against particular operating environments, including virtual and cloud systems. Today's
modern threats exhibit advanced characteristics that include
New infection methods: Infection increasingly uses techniques such as phishing, social networking sites, and
drive-by-downloads. Infection uses methods such as SSL
encryption to evade traditional security solutions.
Persistence mechanisms: Rootkits, bootkits, backdoors,
and anti-AV are examples of malware programs commonly used to ensure that an attacker can continue infiltrating a system or network over an extended period of
time after it has been infected.
Stealthy communication techniques: Encryption, proxies, port hopping, and tunneling are techniques used to
maintain communications with other infected systems,
enable command and control of malware, and extract
valuable data from a targeted system or network.
Command-and-control functionality: This functionality
allows an attacker to control, manage, and update malware to achieve specific attack objectives.
Modern threats even sound more ominous! For example, an
advanced persistent threat (APT) is a type of targeted, sophisticated attack against an organization that takes place over
an extended period of time, sometimes many years, for the
purpose of stealing valuable and sensitive information. These
types of attacks are usually carried out by criminal organizations or rogue nation-states with vast computing and hacking
resources. Thus, you must defend against not only the
script kiddies, but also the professional cybercriminals and
cyberterrorists.
This means that Trend Micro can instantaneously and globally share information about an attack from new malware
discovered anywhere in the world, without having to actually
Figure 4-1: Trend Micro's SPN provides global threat intelligence against
new and existing malware threats.
Integrity monitoring: File integrity monitoring provides
the ability to manage access to specific directories and
files, and detect malicious or unauthorized changes to
directories, files, or even registry keys. Integrity monitoring can be deployed for a single VM application, perhaps
to protect specific data such as sensitive financial or
cardholder data or private health information.
Intrusion detection and intrusion prevention systems
(IDS/IPS): IDS/IPS can detect and block known and zero-day attacks that target system and software vulnerabilities. Deep Security leverages Trend Micro's SPN to get
dynamic and instant updates on the reputation of specific URLs, such as a link in an e-mail or a document.
Logging: This component (available only as an agent
installed on individual VMs) provides unique capabilities
for gathering, alerting, and logging security-specific traffic, and optimizing the identification of important security issues that would often be buried in a traditional
log system.
Encryption: Encryption can provide full protection for
data, wherever it's located. It also provides a policy
server to set rules for access to specific data and alert you
when unauthorized activity is detected. These capabilities reside in a system you control that also houses keys
to encrypt or decrypt data, with full audit capabilities
to help your organization meet a variety of compliance
rules. These functions permit safe utilization of cloud
computing because you have complete control of your
data's state and access.
Each of these Deep Security components can run on the individual VMs, as an agent, in a variety of virtual infrastructures
including VMware, Microsoft, and Citrix, to name a few.
In a VMware environment, Deep Security can run as an
agent-based solution installed on individual VMs, or as an
agentless, virtual appliance that runs directly on the physical
host machines in the virtual environment. Trend Micro and
VMware codeveloped a set of APIs in the VMware ecosystem.
Using these API links, the Deep Security virtual appliance has
complete visibility of all hypervisor and inter-VM traffic on the
Figure 4-3: Trend Micro Deep Security protects physical, virtual, private,
and public cloud environments, as well as hybrid environments.
Chapter 5
Automatically adjusts resource usage. Automatically
adjusts to the environment where it is deployed,
particularly virtual environments, so that performance
levels won't be compromised by a security solution.
Migrates with virtual systems. Security protections
dynamically migrate with VMs between physical host
machines or in the cloud.
Provides add-on capabilities as needed. Deploy only the
capabilities required for your environment and add capabilities as your security requirements evolve, without
having to redeploy or reconfigure your entire security
solution.
Protects dormant VMs. Dormant VMs can be started up
quickly in a virtual environment. If not properly scanned
and protected before being brought online, a dormant
VM can expose your entire virtual environment to security threats.
Logs relevant security information. A logging system
that is security specific, whether in a physical, virtual,
or cloud world, means your capability to have relevant
information on activity that may be related to a threat
provides more focus and less content to analyze.
Filters unpatched systems. Protects unpatched systems
against known vulnerabilities by putting a filter in place
to protect them. Also filters older systems that may no
longer be supported by the manufacturer or custom systems and applications with filters you can write to protect against a known vulnerability.
Implements minimum security configuration management rules and profiles. Automatically extends security
configuration management rules and profiles to new
hosts and their VMs, without having to reconfigure each
system as it's started up. With a baseline security configuration established, systems that require additional
security safeguards can be dealt with more effectively
on an as-needed basis.
Meets regulatory requirements. Provides add-on
security modules designed to meet specific regulatory
requirements, such as PCI, in a virtual world.
Appendix
adware: Malware advertising programs that often appear as
pop-up banners or windows.
APT (advanced persistent threat): A sustained Internet-borne attack usually perpetrated by a group with significant
resources, such as organized crime or a rogue nation-state.
authentication: The process of verifying the identity of a user,
computer, or service.
backdoor: Malware that allows an attacker to bypass authentication mechanisms to gain unauthorized access to a system
or application.
bootkit: Malware that is a variation of a rootkit, often used to
attack an encrypted hard disk.
bot: A target machine that is infected by malware and is part
of a botnet (also known as a zombie).
botnet: A broad network of bots working together.
Bring Your Own Device (BYOD): Allowing individual users to
use their personal smartphones, tablets, and other computing
devices in the workplace for both personal and business use.
consumerization: A current trend in which users increasingly
find personal technology and applications that are more
powerful or capable, more convenient, less expensive, quicker
to install and easier to use than corporate IT solutions. See
also BYOD.
data integrity: The accuracy and consistency of information
during its creation, transmission, and storage.
defense in depth: A strategy for achieving information
security by using multiple layers of defense.