Securing and Auditing Virtualized Environments - ASN304


In this five-day seminar, you will focus on ESX and Hyper-V security. You will start with virtualization basics, hardware virtualization considerations and different versions of ESX. We will examine best practices for securing ESX servers, access to the management console, ESX logging and other configuration issues to ensure ESX virtual server hosts are secure and stable. You will review Hyper-V and best practices for securing a Hyper-V environment. Finally, you will tie all of these concepts together with a formulation of a suggested audit program of ESX/Hyper-V and the virtual server environment. Case studies using a combination of live demonstrations and exercises will reinforce important virtualization concepts and associated audit points addressed in real audit projects.

Prerequisites: A working knowledge of operating system security, networking concepts, and associated logical access controls, Network Security Essentials (ASG203)​, Intermediate Audit School (ITG241)​ or equivalent experience
Advance Preparation: None
Learning Level: Intermediate
Field: Auditing
Delivery Method: Group-Live

What you will learn

1. Virtualization Basics
• what is server virtualization?
• advantages and disadvantages of server virtualization
• hardware considerations
• backup strategies
• potential hypervistor attacks
• ESX and Hyper-V

2. vSphere/ESXi Basics
• ESXi Basics
• ESXi Versions
• ESXi OS Support
• ESXi Hardware Considerations
• ESXi Backup
• Hardening ESXi
• vCenter Security

3. Hyper-V Basics
• Hyper-V Basics
• Hyper-V Versions
• Hyper-V Guest OS Support
• Hyper-V Host Hardware Considerations
• Hyper-V Clustering
• Hyper-V Hardening

4. Virtualization and Disaster Recovery
• benefits of incorporating virtualization into your disaster recovery plan.
• physical versus virtual server recovery times.
• hyperconvergence and disaster recovery
• architecting your production environment to simplify disaster recovery
• Recovery Point Objectives (RPO)
• Recovery Time Objectives (RTO)
• testing your disaster recovery plan

5. Developing an Audit Program for ESX
• auditing host hardware
• auditing the host configuration
• auditing virtual host management computers
• auditing the UPS configuration.
• auditing the backup.
• auditing the physical to virtual migrations
• auditing clusters
• auditing virtual servers

6. ESX Case Study

Further information

ACI Learning
ACI Learning
5 Days
Scheduled dates
Course type:
Amsterdam, Atlanta, GA, Bandar Seri Begawan, Boston, MA, Burlington, MA, Cape Town, Charlotte, NC, Chicago, IL, Dallas, TX, Denver, CO, Dubai, Dublin, Dublin, OH, Hong Kong, Houston, TX, Las Vegas, NV, London, Manila, New York, NY, Oman, Orlando, FL, Philadelphia, PA, San Antonio, San Diego, CA, San Francisco, CA, Seattle, WA, Singapore, Virtual Training Room Only, Washington, DC

Contact Information

ACI Learning

6855 S. Havana St.
Suite 230
80112 USA