2C

Question 1

There are several areas of concern when deploying virtual machines:

Answer 1

training and education
change control
asset tracking and management
patch management
authentication and authorization
logging and auditing.

Question 2

When assessing the customer’s security implementations, we often find significant attention focused on technology to the detriment of the end users. It is vital that users are ___ ___ about new technology to understand and plan for any change in processes brought about by the new technology.

Answer 2

trained properly

Question 3

It is recommended to ____ administrators, operational staff, solution architects, and users on the topic of virtualization.

Answer 3

train

Question 4

___ need to know the proper way to set up virtualization configurations and be mindful of any pitfalls. ____ must also understand what the security capabilities of the underlying technologies are and the assurances they provide. For instance, certain features can be disabled by the ____ at a global level, but they can still be enabled by individual users for their own virtual machines. It is crucial to be aware of such features so other control mechanisms can be put in place or to enable an audit trail.

Answer 4

Administrators

Question 5

___ ___ and review boards should carefully consider any changes to the base infrastructure before approving them. Making changes at the base level is like upgrading the hardware or firmware on a physical machine. Such an operation would be treated with utmost care on production machines in the physical world and the same care should be applied to updates, upgrades, and installation of any software or changes to configurations of a virtualized
environment.

Answer 5

Change control

Question 6

These changes can often affect the three fundamentals of security:

Answer 6

• Confidentiality- all users and devices have network access.
• Integrity- Data is not compromised.
• Availability – data readily available to authorized users.

Question 7

First, any change should be tested in a ___ ___ to ensure the change does not adversely affect either the host or guest operating systems. This could mean running a battery of security tests before and after the change to verify this—ranging from a simple port scan to see if
the Transfer Control Protocol/Internet Protocol (TCP/IP) fingerprint has changed, to a full-blown vulnerability scan as new services on the host come online for virtual management.

Answer 7

staging environment

Question 8

Secondly, once testing is complete, changes should only be made during approved ___ ___ ___ no matter how trivial or small the change appears to be on the host. All the change control best practices continue to apply for the guest workloads.

Answer 8

change control windows

Question 9

Getting a new server up and running can be as simple as cloning an existing VM or importing an existing physical machine. Features such as live virtual-machine migration and dynamic load balancing can result in new machines being “spun up” on the fly. This can lead to difficulty from an ___ ___ perspective. Lack of ___ ___ and management puts companies at risk of falling out of compliance with licensing requirements.

Answer 9

asset tracking

Question 10

With VMs being brought up and torn down, licenses may even be lost. To manage this risk, it is imperative operations applied in a virtual environment adhere to the same standards created for
___ ___.

Answer 10

physical systems

Question 11

Organizations should create and maintain detailed ____ of the software. Once the ____ is created, it is important to track the usual vulnerability news sources (security mailing lists, vendor websites, and the popular security press) to watch for any newly discovered
vulnerabilities and their associated mitigation options.

Answer 11

inventory

Question 12

Another important aspect of virtualization is that assets can be ____ _____ ____. Several virtualization vendors offer preconfigured virtual appliances (a combination of hardware and software). These appliances are built, optimized, and typically serve specific purposes such as a firewall or an Internet browser appliance.

Answer 12

downloaded from the internet

Question 13

A further complication to keep in mind is most of the virtualization technologies available today support ___ ___ ___, making such virtual machines undetectable by the network while still providing them with unrestricted access to the host and the network itself.

Answer 13

complex networking schemes

Question 14

A common problem with many organizations, even before the introduction of virtualization, is patching efforts focusing only on perceived big targets. This includes the operating system and
possibly server software—Web servers, application servers, and database servers. Unfortunately, the smaller, seemingly inconsequential components (especially those from third
parties or open-source libraries) tend to be _____. This can expose the network infrastructure to several critical security issues.

Answer 14

forgotten

Question 15

The host and guest operating systems, the software applications, and the virtualization software itself must all be ____.

Answer 15

patched

Question 16

Nothing changes significantly from the physical world when it comes to authentication. Virtualization products do add new components and considerations, though the basic security threats do not change. For example, ___ accounts on the host.

Answer 16

provisioning

Question 17

Provisioning accounts should be handled in a very ____ manner since providing a user with access to the host can potentially be a very powerful privilege over a guest account.

Answer 17

sensitive

Question 18

It is a good idea to link authentication to the host to existing identity management solutions. This can include integrating with ___ ___ or another corporate directory solutions.

Answer 18

active directory

Question 19

Organizations need to determine who will be responsible for these tasks and perhaps create new roles, such as…?

Answer 19

VM administrators, authors and users.

Question 20

___ and ___ a strong audit trail of all activities occurring in a virtual environment is imperative. This can be used to determine who powered off the Web server virtual machine or who created a copy of the database server virtual machine.

Answer 20

logging and maintaining

Question 21

Most of the virtualization solutions currently available provide some support for such audit trails. However, these should be _____ to integrate with existing event notification systems in use within the network environment

Answer 21

augmented

Question 22

It is important to treat virtual machines just like physical hardware. One possible risk is a physical hardware fault could take down multiple virtual machines. It is therefore vital to know
about such problems as early as possible. This is best done by continuously and consistently…?

Answer 22

monitoring the host machine

Question 23

Logs should be monitored to maintain an ___, ____, and ____ network. Any logging capability is only useful if the logs are monitored. It is essential administrative staff monitor the system for alerts and respond to them appropriately. This goes back to the training and awareness requirements for operational staff.

Answer 23

operational, efficient and secure network

Question 24

Administrators responding to alerts must understand their options, the impact of each option, and why it’s critical to choose the right option for the business. In many ways, virtualization only increases the number of options available to administrators as compared to a pure physical infrastructure. However, while more options do provide greater flexibility, they also add to ____ and create a higher probability of making the wrong decision.

Answer 24

complexity

Question 25

From an auditing perspective, log files must have proper access controls in place to prevent unauthorized tampering. Logs may need to be retained and archived based on the organization’s
compliance requirements and environment. Logs gained from virtualization systems should be treated just like those from an operating system on physical machines but with more
____ since they contain data about multiple virtual machines.

Answer 25

attentiveness