Securing and Auditing Virtualized Environments

IT Audit

Overview

This course focuses on ESX and Hyper-V security. The course begins with virtualization basics, hardware virtualization considerations, and different versions of ESX. It examines best practices for securing ESX servers, access to the management console, ESX logging, and other configuration issues to ensure the ESX virtual server hosts are secure and stable. It then covers Hyper-V and best practices for securing a Hyper-V environment. It also covers the benefits and synergy of virtualization when implementing the organization’s disaster recovery strategy. Participants tie these concepts together by formulating a suggested audit program of ESX/Hyper-V and the virtual server environment. The course includes case studies using a combination of live demonstrations and exercises that reinforce important virtualization concepts and associated audit points addressed in real audit projects.

Why you should take this course

For users with an intermediate knowledge of this topic, and are searching for a deeper understanding of its evolving complexities.

Here are the topics we'll cover.

Virtualization Basics
- What is Server Virtualization?
- Advantages and Disadvantages of Virtualization
- Hardware Considerations
- Backup Strategies
- Potential Hypervisor Attacks
- ESX and Hyper-V
VMWare vSphere/ESXi Basics
- ESX Basics
- ESX Versions
- ESX OS Support
- ESX Hardware Considerations
- ESX Backup
- Hardening ESX
- vCenter Security
Hyper-V and Disaster Recovery
- Hyper-V Basics
- Hyper-V Versions
- Hyper-V Guest OS Support
- Hyper-V Host Hardware Considerations
- Hyper-V Clustering
- Hyper-V Hardening
- Virtualization and Disaster Recovery
Developing an Audit Program for ESXi
- Auditing Host Hardware
- Auditing the Host Configuration
- Auditing Virtual Host Management Computers
- Auditing the UPS Configuration
- Auditing the Backup
- Auditing PtoV Migrations
- Auditing Clusters
- Auditing Virtual Servers
Minimum Items to Review in a Virtualization Audit
- Minimum Audit Guidelines
ESX Case Study

Learning Style

Instructor Led

Level

Advanced

Who this course is for

Information Security Managers, Analysts, and Administrators; IT Managers, Architects, and Developers/Integrators; IT Auditors; Network and System Administrators; Security Architects and Engineers; Compliance Officers and Quality Assurance Specialists.

NASBA Certified CPE

40 credits

Field of Study

Auditing

Length of course

40h

Prerequisites

Network Security Essentials Intermediate IT Audit School

or equivalent experience

Advanced Preparation

None

Start Learning Today

Stay ahead of the curve and future-proof your business with training programs designed for you.

Contact Sales

Here are the learning objectives we'll cover

List key characteristics, advantages, and disadvantages of virtualization.
Assess key considerations when preparing audit programs of virtualized environments.
Outline key considerations when preparing audit programs of virtualization disaster recovery programs.
List key risks and controls related to virtualized environments.

Attendance policy for on-site and online instructor-led training

Students are expected to arrive on time for classes with the proper materials and attitude. An overall attendance rate of 100% is expected to fully absorb the materials and to complete labs. If you have an expected absence, please email support@acilearning.com or your instructor ahead of time. The number of CPEs awarded will be equivalent to the number of hours attended.

ACI Learning is registered with NASBA

ACI Learning is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: https://www.nasbaregistry.org/