VCDX Study Plan – Security

The essential VCDX study plan for security.

List of articles in my VCDX Deep-Dive series (more than 70 posts)

Here is the list (in no particular order, I typed them as they occurred to me):

• Compliance – PCI DSS, HIPAA, Sarbanes-Oxley etc. – How will it impact your design?
• Network Filtering
• Application Filtering
• IPS/IDS/HIDS
• SMTP Gateways
• Web Proxy
• Defence in Depth and Layering
• Network Segmentation
• DMZ
• RBAC
• Restricted Networks
• Anti-Virus and EndPoint Protection
• vCNS/vShield
• UTM
• HSM
• Data Encryption
• DLP
• MFA
• ACLs on Routers
• Identity Management
• Port Security – NAP/NAC
• vSphere security mechanisms
• How to secure iSCSI, NAS?
• Wireless Security for VDI
• IPSec/SSL VPNs
• SSL Security/PKI
• Physical Security
• Hardening processes
• Security Testing
• Separation of IT Governance/Information Security and Security Operations
• Identity and Access Management/Directory Services/Kerberos/LDAP
• Security Event Monitoring
• Configuration compliance
• Security Incident Management
• Types of Threats and Threat Matrices – what am I protecting against?
• Who are the major vendors for security products?

Resources you may want to consider:

• Security of the VMware vSphere Hypervisor Whitepaper (recently updated by Mike Foley of VMware)
• VMware Free Compliance Checkers for VCM
• Mike Foley’s blog
• Security blog launch point
• Another Security blog collation

Validate these scenarios:

• My customer is a hospital and they have a HIPAA compliance requirement.  My plan is to use a common vSphere HA/DRS/SDRS cluster for all workloads.  Will the HIPAA Auditor approve my design?
• My design places the vSphere management interfaces in a common subnet with Production workloads.  Is this a good idea?
• My customer has a requirement for NAS storage.  I am going to secure the NAS by filtering host NFS traffic through a firewall.  Will I have performance issues?