Hyper-V Security电子书

Hyper-V Security

Table of Contents

Hyper-V Security

Credits

About the Authors

About the Reviewers

www.PacktPub.com

Support files, eBooks, discount offers, and more

Why subscribe?

Free access for Packt account holders

Instant updates on new Packt books

Preface

What this book covers

What you need for this book

Who this book is for

Conventions

Reader feedback

Customer support

Downloading the example code

Errata

Piracy

Questions

1. Introducing Hyper-V Security

The importance of Hyper-V security

Your clients expect it

Your stakeholders expect it

Your employees and volunteers expect it

Experience has taught us that security is important

Weak points aren't always obvious

The costs of repair exceeds the costs of prevention

Basic security concerns

Attack motivations

Untargeted attacks

Targeted attacks

The computing device

The network

Data-processing points

Data storage

People

A starting point to security

Hyper-V terminology

Acquiring Hyper-V

Hyper-V Server

Windows Server

Client Hyper-V

Summary

2. Securing the Host

Understanding Hyper-V's architecture

Choosing a management operating system

Hyper-V Server

Windows Server – full GUI installation

Windows Server – Core installation

Windows Server – Minimal Server Interface installation

Switching between Windows Server modes

Practical guidance to chose a deployment

Disabling unnecessary components

Using the Windows Firewall

Relying on domain security

Leveraging Group Policy

Exporting SCM baselines

Importing a policy into Group Policy Management Console

Applying SCM baselines to Local Group Policy

Enabling LocalGPO in Windows and Hyper-V Server 2012 R2

Using security software

Configuring Windows Update

Manual patching

Fully automated patching

Staggered patching

Guinea pig systems

Employing remote management tools

Following general best practices

Microsoft baseline security analyzer

Hyper-V Best Practices Analyzer

Running the Hyper-V BPA from Server Manager

Running the Hyper-V BPA from PowerShell

Other practices

Summary

3. Securing Virtual Machines from the Hypervisor

Using the Hyper-V Administrators group

Using Group Policy to control Hyper-V Administrators

Powers of Hyper-V Administrators

Leveraging PowerShell Remoting

Configuring PowerShell Remoting and its basic usage

Workgroup and inter-domain PowerShell Remoting

Certificate-based PowerShell Remoting

Configuring the Host SSL certificate

Configuring the Remote System

TrustedHosts-based PowerShell Remoting

Choosing between SSL and TrustedHosts

Example – PowerShell Remoting with Invoke-Command

Using custom PowerShell Remoting endpoints

Practical custom PowerShell Remoting endpoints

Summary

4. Securing Virtual Machines

Understanding the security environment of VMs

Process isolation

Memory isolation

Hard disk isolation

Network isolation

Other hardware

Practical approaches to isolation security

Leveraging Generation 2 virtual machines

Employing anti-malware on a virtual machine

Considering intrusion prevention and detection strategies

Using Group Policy with virtual machines

Limiting exposure with resource limitations

Virtual processor limits

Memory limits

Hard drive I/O limits

Virtual network limits

Applying general best practices

Summary

5. Securing the Network

Understanding SSL encryption

Leveraging network hardware

Hardware firewalls

Using the virtual switch's isolating technologies

Multiple switch types

Virtual LAN

Using PowerShell to control VLANs on virtual adapters

Private VLAN

Using PowerShell to configure private VLANs

Network virtualization

Employing Hyper-V virtual switch ACLs

Using basic port ACLs

Using extended port ACLs

Practical ACL usage

Configuring the Windows Firewall

Using management tools remotely

Enabling Remote Desktop

Enabling other remote management tools

Remote access for non-domain-joined machines

Using Hyper-V with IPsec

Configuring virtual network adapter protections

MAC address settings

DHCP guard

Router guard

Port mirroring

Setting Hyper-V protections using Powershell

Encrypting cluster communications

Securing Hyper-V Replica traffic

Summary

6. Securing Hyper-V Storage

Configuring NTFS security for VM storage

Securing SMB 3.0 shares for VM storage

Administrative and hidden shares

Securing iSCSI connections

Physical and logical isolation

iSCSI security options

Using Secure Boot

Using BitLocker

Understanding the role of backup

Summary

7. Hyper-V Security and System Center VMM

Enhancing Hyper-V host security through VMM

The user role group descriptions

Run as accounts

Securing the VMM installation

VMM library shares

Anything else?

Network virtualization and multi-tenancy

Providing secure self-service with the Windows Azure Pack

DOS and DDOS attacks

Summary

8. Secure Hybrid Cloud Management through App Controller

System requirements

Installing App Controller

Connecting clouds to App Controller

App Controller's role-based security model

Summary

Index