Virtual Infrastructure 3 Best Practices for a secure installation. Jeff Mayrand.

Contents
- Architecture changes (general overview)
- General account security
- Virtual switch (vswitch) security
- Web security
- Monitoring / security toolkits
- VMware virtual appliances

Architecture Changes
- MUI (the ESX 2 web management interface) removed from ESX Server.
- Console and guest soft switches are visible; complete rewrite of the network code.
- VM backup proxy.
- VMFS 3.

General Account Security
- Use sudo and the wheel group to segment administrative functions.
- Create separate service accounts for the operation of VirtualCenter.
- Recommended administrative groups: VMAdmins, ESXAdmins.
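One way to put the group split into practice on the service console, added here as an example (not the presenter's own script). Command paths are the ESX 3 service-console locations; the line between what VMAdmins and ESXAdmins may run is an assumption about how the two roles should be drawn, and the claim that ESX 3's sudo has no #includedir (so the fragment is appended to /etc/sudoers itself) is also an assumption to verify. The VirtualCenter service account lives on the Windows side and is outside this script.

```shell
#!/bin/sh
# Create the VMAdmins / ESXAdmins groups and a sudoers policy that splits
# VM operations from host configuration. Run as root on the ESX 3 service
# console with --apply; without it the script only defines the functions.
set -eu

# Sudoers fragment. Paths are the ESX 3 service-console locations; the role
# split (assumption) is: VM operators drive vmware-cmd, host administrators
# also get the esxcfg-* tools and may restart the management agent.
render_sudoers() {
    cat <<'EOF'
Defaults    logfile=/var/log/sudo.log
# VM operators: power, snapshot and register virtual machines, nothing else.
Cmnd_Alias VMOPS  = /usr/bin/vmware-cmd
# Host administrators: network, storage, firewall and management-agent control.
Cmnd_Alias ESXCFG = /usr/sbin/esxcfg-vswitch, /usr/sbin/esxcfg-vswif, \
                    /usr/sbin/esxcfg-vmknic, /usr/sbin/esxcfg-nics, \
                    /usr/sbin/esxcfg-firewall, /usr/sbin/esxcfg-mpath, \
                    /sbin/service mgmt-vmware *
%VMAdmins  ALL = VMOPS
%ESXAdmins ALL = VMOPS, ESXCFG
%wheel     ALL = ALL
EOF
}

ensure_groups() {
    for g in VMAdmins ESXAdmins; do
        getent group "$g" >/dev/null || groupadd "$g"
    done
}

# Append the fragment, but only keep it if visudo accepts the result;
# a syntax error in /etc/sudoers locks every admin out of sudo.
install_sudoers() {
    cp -p /etc/sudoers /etc/sudoers.bak
    { cat /etc/sudoers; echo; render_sudoers; } > /etc/sudoers.new
    if visudo -c -f /etc/sudoers.new; then
        install -m 0440 -o root -g root /etc/sudoers.new /etc/sudoers
    else
        rm -f /etc/sudoers.new
        return 1
    fi
}

# Only wheel members may su to root (pam_wheel ships with Red Hat-derived consoles).
restrict_su_to_wheel() {
    grep -q '^auth[ 	]*required[ 	]*.*pam_wheel.so' /etc/pam.d/su ||
        sed -i '1i auth\trequired\tpam_wheel.so use_uid' /etc/pam.d/su
}

if [ "${1:-}" = "--apply" ]; then
    ensure_groups
    install_sudoers
    restrict_su_to_wheel
fi
```

Add operators to VMAdmins and host admins to ESXAdmins with usermod -a -G; root logins over SSH can then be disabled, since every privileged action goes through sudo and lands in /var/log/sudo.log with the calling user's name.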

Virtual Switch Overview
- The vswitch is, at its core, a layer 2 forwarding engine.
- VLAN tagging, stripping and filtering units.
- Very modular (third-party add-ons).
- Part of Community Source.

Virtual Switch vs Physical Switch: how is it similar?
- Maintains a MAC-to-port forwarding table.
- Supports VLAN segmentation per port.
- Supports copying packets to a mirror (SPAN) port.
- Can be managed remotely by an administrator.

Virtual Switch vs Physical Switch: how is it different?
- Direct channel from the VNICs for control data (checksum, segmentation): a very wide control channel.
- Authoritative MAC filter updates: no IGMP snooping to learn multicast group membership, no learning of unicast addresses.
- Ports can automatically enter mirror mode.

Vswitch Isolation: how to ensure no traffic leaks between vswitches?
- Vswitches are not cascaded: there is no link or shared code between one vswitch and another.
- Vswitches cannot share uplink ports.
- Each vswitch has its own forwarding table.

Vswitch Isolation: how to ensure guests cannot impact switch behavior?
- Vswitches do not learn from the network to populate the forwarding table.
- The vswitch makes a copy of each frame to prevent in-flight modification (wide control channel).

Vswitch Isolation: how to ensure frames are in the appropriate VLAN?
- VLAN data is carried outside the frame (wide control channel).
- The vswitch has no dynamic trunking.
- The vswitch has no native VLAN support.
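The three isolation properties above (no shared uplinks, a forwarding table per vswitch, VLAN membership fixed per port group) are what an auditor verifies against a host's vswitch inventory. The script below is an added example, not code from the presentation, and works on text shaped like `esxcfg-vswitch -l` output on the ESX 3 service console; the column layout is simplified and is an assumption to check against your own host, and the inventory it contains is constructed, not captured. It also flags port groups on VLAN 4095, which on ESX 3 means Virtual Guest Tagging: the vswitch passes every VLAN through to the guest with tags intact, so the per-port VLAN filtering described above does not apply to that port.

```shell
#!/bin/sh
# Audit an ESX 3 vswitch inventory for the isolation properties described above.
# Input is shaped like `esxcfg-vswitch -l` output (column layout simplified; an
# assumption). The sample is constructed for this example, not captured.

SAMPLE_VSWITCH_LIST='Switch Name    Num Ports   Used Ports  Uplinks
vSwitch0       32          4           vmnic0
  PortGroup Name      VLAN ID  Used Ports  Uplinks
  Service Console     0        1           vmnic0
  Production          100      2           vmnic0

vSwitch1       64          3           vmnic1,vmnic2
  PortGroup Name      VLAN ID  Used Ports  Uplinks
  DMZ                 200      1           vmnic1,vmnic2
  Sniffer             4095     1           vmnic1,vmnic2
'

# Emit "uplink vswitch" pairs. Vswitch rows start in column 1, port-group rows
# are indented, and the uplink column is a comma-separated list.
uplink_map() {
    printf '%s\n' "$1" | awk '
        /^[^ ]/ && $1 != "Switch" {
            n = split($NF, up, ",")
            for (i = 1; i <= n; i++) print up[i], $1
        }'
}

# Uplinks claimed by more than one vswitch. ESX refuses to configure this, so
# any output means the inventory under review did not come from a live host
# (or was edited by hand) and the no-leak-between-vswitches guarantee does
# not hold for it.
shared_uplinks() {
    uplink_map "$1" | awk '
        { seen[$1]++; owners[$1] = owners[$1] " " $2 }
        END { for (u in seen) if (seen[u] > 1) print u ":" owners[u] }'
}

# Port groups on VLAN 4095 (Virtual Guest Tagging on ESX 3): the guest sees
# every VLAN on the uplink, so per-port VLAN filtering is off for that port.
vgt_portgroups() {
    printf '%s\n' "$1" | awk '
        /^[^ ]/ { sw = $1 }
        /^ / && $1 != "PortGroup" {
            # last three columns are fixed (VLAN ID, Used Ports, Uplinks);
            # everything before them is the possibly multi-word name
            name = $1
            for (i = 2; i <= NF - 3; i++) name = name " " $i
            if ($(NF - 2) == 4095) print sw "/" name
        }'
}

# VLANs in use per vswitch: compare this list with the trunk configuration on
# the physical switch port behind each uplink (nothing more should be allowed).
vlan_summary() {
    printf '%s\n' "$1" | awk '
        /^[^ ]/ { sw = $1 }
        /^ / && $1 != "PortGroup" { vlans[sw] = vlans[sw] " " $(NF - 2) }
        END { for (s in vlans) print s ":" vlans[s] }' | sort
}

report() {
    echo "== shared uplinks (expect none)";     shared_uplinks "$1"
    echo "== VLAN 4095 port groups (review)";   vgt_portgroups "$1"
    echo "== VLANs per vswitch";                vlan_summary "$1"
}

if [ "${1:-}" = "--demo" ]; then
    report "$SAMPLE_VSWITCH_LIST"
fi
```

On a host, feed it `esxcfg-vswitch -l` output after adjusting the column assumptions; the VLAN summary is the list to hand to whoever owns the physical switch, since an uplink trunk that allows more VLANs than the vswitch uses is the usual way a "no native VLAN" design gets quietly undone on the physical side.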

Web Security
- Update and use SSL certificates on ESX hosts and on VirtualCenter.
- The core is Apache, so check all known Apache exploits.
- The MUI has been removed from ESX hosts, which makes them easier to secure: there is less web surface to protect.
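Replacing the installer-generated certificate on an ESX 3 host, as an added example (not the presenter's procedure). The paths /etc/vmware/ssl/rui.crt and rui.key and the mgmt-vmware init script are the ESX 3 service-console defaults as I know them; treat them as assumptions and confirm on your host. The two offline checks (certificate matches key, certificate not about to expire) are the ones worth running before every install, since a mismatched pair leaves the management agent unable to serve HTTPS.

```shell
#!/bin/sh
# Replace the installer-generated SSL certificate on an ESX 3 host.
# Paths are the ESX 3 service-console defaults (assumption: verify them).
# make_csr / install_host_cert run as root on the host; show_served_cert runs
# from any workstation with openssl.
set -u

SSL_DIR=${SSL_DIR:-/etc/vmware/ssl}

# Private key and CSR for the host FQDN; send the CSR to your CA.
make_csr() {
    fqdn=$1
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$fqdn" \
        -keyout "$fqdn.key" -out "$fqdn.csr"
}

# 0 when the certificate's public key matches the private key.
cert_matches_key() {
    crt_mod=$(openssl x509 -noout -modulus -in "$1") || return 1
    key_mod=$(openssl rsa  -noout -modulus -in "$2") || return 1
    [ "$crt_mod" = "$key_mod" ]
}

# 0 when the certificate is still valid $2 seconds from now (default 30 days).
cert_not_expiring() {
    openssl x509 -noout -checkend "${2:-2592000}" -in "$1" >/dev/null
}

# Back up the current pair, install the new one with tight permissions on the
# key, and restart the management agent so it picks the new certificate up.
install_host_cert() {
    crt=$1 key=$2
    cert_matches_key "$crt" "$key" || { echo "certificate/key mismatch" >&2; return 1; }
    cert_not_expiring "$crt"       || { echo "certificate expires within 30 days" >&2; return 1; }
    stamp=$(date +%Y%m%d%H%M%S)
    cp -p "$SSL_DIR/rui.crt" "$SSL_DIR/rui.crt.$stamp"
    cp -p "$SSL_DIR/rui.key" "$SSL_DIR/rui.key.$stamp"
    install -m 0644 -o root -g root "$crt" "$SSL_DIR/rui.crt"
    install -m 0400 -o root -g root "$key" "$SSL_DIR/rui.key"
    service mgmt-vmware restart
}

# Remote check: who signed the certificate served on 443 and when it expires,
# so self-signed installer certificates and expired ones stand out in a sweep.
show_served_cert() {
    echo | openssl s_client -connect "$1:443" 2>/dev/null |
        openssl x509 -noout -subject -issuer -dates
}
```

Loop show_served_cert over the host list after a rollout and again from a calendar job; an issuer that is still the installer's self-signed identity, or an expiry inside the next renewal window, is the finding. The same cert/key checks apply to the VirtualCenter server's rui.crt and rui.key before restarting its service.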

Monitoring and Security Toolkits
- SNMP is the default monitoring access (OID masking, community strings).
- Security toolkits are available to help check for changes to exposed ports and to validate known exploits: Network Security Toolkit virtual machine (Nagios, Nessus, Nmap).
- Common Vulnerabilities and Exposures (many false positives).
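Two checks behind this slide, written as an added example rather than taken from the presentation: an audit of the community directives in the service console's snmpd.conf (net-snmp syntax, `rocommunity NAME [SOURCE [OID]]`, which is where the OID mask and the community string both live), and a diff of the host's open ports against a saved baseline built from `nmap -oG` output. The snmpd.conf lines, the monitoring host address 10.0.0.5, the port baseline and the scan line are all constructed for the example; the VMware enterprise subtree .1.3.6.1.4.1.6876 is the one real identifier.

```shell
#!/bin/sh
# snmpd.conf community audit plus open-port baseline drift, for ESX 3 hosts.
# All inputs below are constructed for this example, not captured from a host.

# Stock-looking configuration: well-known strings, a write community,
# no source restriction and no OID mask.
WEAK_SNMPD_CONF='rocommunity public
rwcommunity private
'

# Hardened equivalent: read-only, a unique string, only the monitoring host
# (10.0.0.5, assumed) may query, and the view is masked to the VMware
# enterprise subtree (.1.3.6.1.4.1.6876).
HARD_SNMPD_CONF='rocommunity Z7mon-ro-2007 10.0.0.5 .1.3.6.1.4.1.6876
'

# One finding per line for each community directive that is writable, uses a
# default string, accepts queries from any source, or exposes the whole MIB.
snmp_findings() {
    printf '%s\n' "$1" | awk '
        /^[ \t]*#/ || NF == 0 { next }
        $1 != "rocommunity" && $1 != "rwcommunity" { next }
        $1 == "rwcommunity"               { print "writable:" $2 }
        $2 == "public" || $2 == "private" { print "default-string:" $2 }
        NF < 3                            { print "any-source:" $2 }
        NF < 4                            { print "whole-mib:" $2 }'
}

# "port/proto" for every open port in nmap grepable (-oG) output on stdin.
open_ports_from_grepable() {
    awk -F'Ports: ' '/Ports:/ {
        n = split($2, entries, ", ")
        for (i = 1; i <= n; i++) {
            split(entries[i], f, "/")
            if (f[2] == "open") print f[1] "/" f[3]
        }
    }' | sort
}

# Ports that opened or closed since the baseline; both arguments are
# newline-separated "port/proto" lists.
port_drift() {
    awk -v base="$1" -v cur="$2" '
        BEGIN {
            n = split(base, b, "\n"); for (i = 1; i <= n; i++) if (b[i] != "") inbase[b[i]] = 1
            m = split(cur,  c, "\n"); for (i = 1; i <= m; i++) if (c[i] != "") incur[c[i]] = 1
            for (p in incur)  if (!(p in inbase)) print "new:"  p
            for (p in inbase) if (!(p in incur))  print "gone:" p
        }' </dev/null
}

# Constructed baseline for a host, and a constructed later scan of the same host.
PORT_BASELINE='22/tcp
80/tcp
443/tcp
902/tcp
903/tcp'
SAMPLE_SCAN='Host: 10.0.0.10 (esx01)  Ports: 22/open/tcp//ssh///, 80/open/tcp//http///, 443/open/tcp//https///, 902/open/tcp//vmware-authd///, 8000/open/tcp//http-alt///  Ignored State: closed (995)'

if [ "${1:-}" = "--demo" ]; then
    echo "== weak snmpd.conf";                     snmp_findings "$WEAK_SNMPD_CONF"
    echo "== hardened snmpd.conf (expect nothing)"; snmp_findings "$HARD_SNMPD_CONF"
    echo "== port drift since baseline"
    port_drift "$PORT_BASELINE" "$(printf '%s\n' "$SAMPLE_SCAN" | open_ports_from_grepable)"
fi
```

In use, the baseline is `nmap -oG - host | open_ports_from_grepable` taken right after hardening and kept under version control; a "new:" line from a later scan is the change to investigate, and a "gone:" line usually means a service died rather than that anything improved. The whole-mib finding is advisory: it only says no OID mask is set, which is the right moment to decide whether the poller needs more than the VMware subtree.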

Virtual Appliances
- Know who is providing it to you!
- Isolate it before you put it into production. Put extra effort into validating and monitoring it after deployment (rogue traffic, configuration changes, etc.).

WWW Resources
- y/security/
- y/security/