Author: John Hoopes
Publication date: December 26, 2008
Publisher: Syngress
Pages: 348
ISBN: ISBN-10: 1597493058 ISBN-13: 978-1597493055
File format: PDF
Book Description
The only book to combine in one place all the hot virtualization applications security professionals are searching for!
Product Description
One of the biggest buzzwords in the IT industry for the past few years, virtualization has matured into a practical requirement for many best-practice business scenarios, becoming an invaluable tool for security professionals at companies of every size. In addition to saving time and other resources, virtualization affords unprecedented means for intrusion and malware detection, prevention, recovery, and analysis. Taking a practical approach in a growing market underserved by books, this hands-on title is the first to combine in one place the most important and sought-after uses of virtualization for enhanced security, including sandboxing, disaster recovery and high availability, forensic analysis, and honeypotting.
Already gaining buzz and traction in actual usage at an impressive rate, Gartner research indicates that virtualization will be the most significant trend in IT infrastructure and operations over the next four years. A recent report by IT research firm IDC predicts the virtualization services market will grow from $5.5 billion in 2006 to $11.7 billion in 2011. With this growth in adoption, becoming increasingly common even for small and midsize businesses, security is becoming a much more serious concern, both in terms of how to secure virtualization and how virtualization can serve critical security objectives.
Titles exist and are on the way to fill the need for securing virtualization, but security professionals do not yet have a book outlining the many security applications of virtualization that will become increasingly important in their job requirements. This book is the first to fill that need, covering tactics such as isolating a virtual environment on the desktop for application testing, creating virtualized storage solutions for immediate disaster recovery and high availability across a network, migrating physical systems to virtual systems for analysis, and creating complete virtual systems to entice hackers and expose potential threats to actual production systems.
About the Technologies
A sandbox is an isolated environment created to run and test applications that might be a security risk. Recovering a compromised system is as easy as restarting the virtual machine to revert to the point before failure. Employing virtualization on actual production systems, rather than just test environments, yields similar benefits for disaster recovery and high availability. While traditional disaster recovery methods require time-consuming reinstallation of the operating system and applications before restoring data, backing up to a virtual machine makes the recovery process much easier, faster, and more efficient. The virtual machine can be restored to the same physical machine or an entirely different machine if the original machine has experienced irreparable hardware failure. Decreased downtime translates into higher availability of the system and increased productivity in the enterprise.
Virtualization has been used for years in the field of forensic analysis, but new tools, techniques, and automation capabilities are making it an increasingly important tool. By means of virtualization, an investigator can create an exact working copy of a physical computer on another machine, including hidden or encrypted partitions, without altering any data, allowing complete access for analysis. The investigator can also take a live "snapshot" to review or freeze the target computer at any point in time, before an attacker has a chance to cover his tracks or inflict further damage.
A honeypot is a system that looks and acts like a production environment but is actually a monitored trap, deployed in a network with enough interesting data to attract hackers, but created to log their activity and keep them from causing damage to the actual production environment. A honeypot exposes new threats, tools, and techniques used by hackers before they can attack the real systems, which security managers patch based on the information gathered. Before virtualization became mainstream, setting up a machine or a whole network (a honeynet) for research purposes only was prohibitive in both cost and time management. Virtualization makes this technique more viable as a realistic approach for companies large and small.
* The first book to collect a comprehensive set of all virtualization security tools and strategies in a single volume
* Covers all major virtualization platforms, including market leader VMware, Xen, and Microsoft's Hyper-V virtualization platform, a new part of Windows Server 2008 releasing in June 2008
* Breadth of coverage appeals to a wide range of security professionals, including administrators, researchers, consultants, and forensic