Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

Virtualisation Security Course Arrives in UK

SANS Institute : 19 October, 2010  (New Product)
London will be the venue of the Virtualization Security Fundamentals course being offered by the SANS Institute for the first time in Europe
The SANS Institute will offer its first European session of its new Security 577 Virtualization Security Fundamentals at SANS London later this year. The course, which has had extremely high levels of early registration, is a response to the growing realisation that the ease of Virtualisation and subsequent server sprawl is leading to a relaxation of proper security procedures.

"The process of setting up a virtual environment is incredibly easy, IT administrators are under pressure to roll out new services and many of the basics of the 'old fashioned' secure deployments schemas are simply overlooked," comments Steve Armstrong, former head of the UK Royal Air Force penetration testing and widely considered one of the UK's most experienced IT security architects.

Armstrong, who has been within the security sector for over 17 years, will be teaching the new SANS Security 577 course, notes a complacency that has set in around Virtualisation security, "Consolidating say 10 servers down to just a couple of boxes running VM's needs the same basic understanding of good security practice as in the physical world," he comments, "Many of the basic settings can't just be taken for granted as secure, in practice, good security takes longer but the benefits are much greater than the short term pain."

Heading up technical security consulting at Logically Secure, Armstrong works extensively in the field with clients across both the private and public sector and often encounters many common issues. "One we see a lot is virtualised environments spanning different areas such as the DMZ, development and live production servers. Permissions in one area can lead to weaknesses being exploited across multiple areas."

Another problem is failure of existing security infrastructure to be reconfigured or replaced to the virtual environment. Armstrong highlights the use of IDS and IPS which don't look at traffic that is passing between Virtual servers running on the same hardware which effectively negates their effectiveness.

"The response we have had for this course has been fantastic and mirrors the demand for Virtualisation in many ways," comments Armstrong, "the course is structured to deliver hands on experience, by the end of the session, students will have built and attacked a complete virtual infrastructure - which is a really exciting prospect."

Armstrong estimates less than 1% of system administrators tasked with setting up virtualised environments have had any formal training in security best practice in a virtualised world. "The differences are subtle but considerable, especially in areas like Virtual Switch Security Policies and Virtualization Risk Assessment."

Armstrong believes that the initial configuration of any new Virtualisation project is the most critical time, "Every organisation deploying a new virtualised environment should have at least one team member who has a practical understanding of Virtualisation security as the mistakes made early on can lead to massive repercussions later on - mistakes that can go unnoticed until the first breach." He concludes.
Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo