The essential VCDX study plan for security.
List of articles in my VCDX Deep-Dive series (more than 70 posts)
Here is the list (in no particular order, I typed them as they occurred to me):
- Compliance – PCI DSS, HIPAA, Sarbanes-Oxley etc. – How will it impact your design?
- Network Filtering
- Application Filtering
- IPS/IDS/HIDS
- SMTP Gateways
- Web Proxy
- Defence in Depth and Layering
- Network Segmentation
- DMZ
- RBAC
- Restricted Networks
- Anti-Virus and EndPoint Protection
- vCNS/vShield
- UTM
- HSM
- Data Encryption
- DLP
- MFA
- ACLs on Routers
- Identity Management
- Port Security – NAP/NAC
- vSphere security mechanisms
- How to secure iSCSI, NAS?
- Wireless Security for VDI
- IPSec/SSL VPNs
- SSL Security/PKI
- Physical Security
- Hardening processes
- Security Testing
- Separation of IT Governance/Information Security and Security Operations
- Identity and Access Management/Directory Services/Kerberos/LDAP
- Security Event Monitoring
- Configuration compliance
- Security Incident Management
- Types of Threats and Threat Matrices – what am I protecting against?
- Who are the major vendors for security products?
Resources you may want to consider:
- Security of the VMware vSphere Hypervisor Whitepaper (recently updated by Mike Foley of VMware)
- VMware Free Compliance Checkers for VCM
- Mike Foley’s blog
- Security blog launch point
- Another Security blog collation
Validate these scenarios:
- My customer is a hospital and they have a HIPAA compliance requirement. My plan is to use a common vSphere HA/DRS/SDRS cluster for all workloads. Will the HIPAA Auditor approve my design?
- My design places the vSphere management interfaces in a common subnet with Production workloads. Is this a good idea?
- My customer has a requirement for NAS storage. I am going to secure the NAS by filtering host NFS traffic through a firewall. Will I have performance issues?
One thought on “VCDX Study Plan – Security”
Comments are closed.