VMware vSphere Security Cookbook

Over 75 practical recipes to help you successfully secure your vSphere environment

Product type: Paperback
Published in: Nov 2014
ISBN-13: 9781782170341
Length: 334 pages
Edition: 1st Edition
Author: Michael Greer
Table of Contents

Preface
1. Threat and Vulnerability Overview
2. ESXi Host Security
3. Configuring Virtual Machine Security
4. Configuring User Management
5. Configuring Network Security
6. Configuring Storage Security
7. Configuring vShield Manager
8. Configuring vShield App
9. Configuring vShield Edge
10. Configuring vShield Endpoint
11. Configuring vShield Data Security
12. Configuring vSphere Certificates
13. Configuring vShield VXLAN Virtual Wires
Index

Security concepts

This book covers a number of security, compliance, and encryption topics that might not be second nature to the reader. This section provides an overview of the concepts and methods discussed in the book, along with references for further information.

Data classifications

Data classifications assign data the right level of protection based on its content type and the sensitivity it requires. Personally Identifiable Information (PII) and Protected Health Information (PHI) are two of the classifications referenced in this book.

  • PII: Information that can uniquely identify an individual is considered PII. Examples include Social Security Number (SSN), home address, birth date, e-mail address, and application login credentials.
  • PHI: Information created by or derived from hospitals, physicians, and other healthcare providers that is specific to an individual's past, present, or future medical condition. Privacy experts have also raised growing concern over the activity information recorded by wearable devices.

Cryptography

Symmetric Encryption: This uses a single shared secret key to both encrypt and decrypt messages. The sender and the recipient hold the same key, so the key itself must be distributed and stored securely: anyone who obtains it can read and forge the traffic. In practice the key is a random string of bytes (32 bytes for AES-256), not a human-chosen password; when a password is the starting point it must first be run through a key derivation function. The encryption algorithm together with its key length determines the relative strength: with a 256-bit key an attacker who has no shortcut through the algorithm faces 2^256 candidate keys. The block cipher in standard use today is the Advanced Encryption Standard (AES).
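The shared-key property described above, shown as an added example that is not code from the book: both parties derive the same AES-256 key, one seals a message with AES-GCM, and only the holder of that same key can open it; a different key or a single flipped ciphertext bit fails the authentication tag. The secret string, the sample message, and the use of a bare SHA-256 in place of a real key derivation function are assumptions made for this illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
	"io"
)

// SharedKey derives a 32-byte AES-256 key from a secret string.
// A single SHA-256 stands in for a proper password KDF (PBKDF2, scrypt, Argon2)
// to keep this example self-contained; the secret itself is a constructed value.
func SharedKey(secret string) []byte {
	sum := sha256.Sum256([]byte(secret))
	return sum[:]
}

// newGCM builds an AES-GCM AEAD; the key length selects AES-128/192/256.
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Encrypt seals plaintext with AES-256-GCM. The random 12-byte nonce is
// prepended to the output so the recipient, who holds the same key, can reuse it.
func Encrypt(key, plaintext []byte) ([]byte, error) {
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	// Seal appends ciphertext||tag to the nonce passed as dst: output is nonce||ct||tag.
	return aead.Seal(nonce, nonce, plaintext, nil), nil
}

// Decrypt opens a message produced by Encrypt. Any other key, or a single
// flipped bit anywhere in the ciphertext or tag, makes the GCM tag check fail.
func Decrypt(key, msg []byte) ([]byte, error) {
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(msg) < aead.NonceSize() {
		return nil, errors.New("message shorter than nonce")
	}
	nonce, ct := msg[:aead.NonceSize()], msg[aead.NonceSize():]
	return aead.Open(nil, nonce, ct, nil)
}

func main() {
	key := SharedKey("constructed-shared-secret")
	msg := []byte("migrate vm-42 to host esxi-07") // constructed sample message

	ct, err := Encrypt(key, msg)
	if err != nil {
		panic(err)
	}
	pt, err := Decrypt(key, ct)
	fmt.Printf("same key:  %q err=%v\n", pt, err)

	_, err = Decrypt(SharedKey("wrong-secret"), ct)
	fmt.Println("other key: err =", err)

	ct[len(ct)-1] ^= 0x01 // tamper with the last byte of the authentication tag
	_, err = Decrypt(key, ct)
	fmt.Println("tampered:  err =", err)
}
```

GCM is chosen rather than a bare block mode because it authenticates as well as encrypts, which is what makes the "wrong key" and "tampered" cases fail loudly instead of returning garbage.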

Asymmetric Encryption: This uses a mathematically linked key pair, a public key and a private key. A message encrypted with the public key can only be decrypted with the matching private key; conversely, a signature created with the private key can be verified by anyone holding the public key (this is what is loosely described as "encrypting with the private key"). The public key can be given to anyone, while the private key is kept secret. Public key certificates build on asymmetric encryption: a certificate binds a public key to the identity of the organization or host to which it was issued.
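The two directions of the key pair, as an added example rather than code from the book: encryption with the public key that only the private key can undo, and signing with the private key that any holder of the public key can verify. The names Alice and Bob, the sample message, and the choice of 2048-bit RSA with OAEP and PSS padding are assumptions for this illustration.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// NewKeyPair generates a 2048-bit RSA key pair. The *rsa.PrivateKey embeds
// the public half (key.PublicKey), which is the part that may be handed out.
func NewKeyPair() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// EncryptTo encrypts a message for the holder of pub using RSA-OAEP.
// Only the matching private key can recover the plaintext.
func EncryptTo(pub *rsa.PublicKey, msg []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, msg, nil)
}

// DecryptWith recovers a message that was encrypted to priv's public key.
func DecryptWith(priv *rsa.PrivateKey, ct []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ct, nil)
}

// Sign produces an RSA-PSS signature over SHA-256(msg) with the PRIVATE key.
func Sign(priv *rsa.PrivateKey, msg []byte) ([]byte, error) {
	digest := sha256.Sum256(msg)
	return rsa.SignPSS(rand.Reader, priv, crypto.SHA256, digest[:], nil)
}

// Verify checks a signature with the PUBLIC key; anyone holding it can do this.
func Verify(pub *rsa.PublicKey, msg, sig []byte) bool {
	digest := sha256.Sum256(msg)
	return rsa.VerifyPSS(pub, crypto.SHA256, digest[:], sig, nil) == nil
}

func main() {
	alice, _ := NewKeyPair()
	bob, _ := NewKeyPair()
	msg := []byte("root password rotation scheduled for 02:00") // constructed

	// Confidentiality: Bob encrypts to Alice's public key; only Alice can read it.
	ct, _ := EncryptTo(&alice.PublicKey, msg)
	pt, err := DecryptWith(alice, ct)
	fmt.Printf("alice decrypts: %q err=%v\n", pt, err)
	_, err = DecryptWith(bob, ct)
	fmt.Println("bob decrypts:   err =", err)

	// Authenticity: Alice signs with her private key; anyone verifies with her public key.
	sig, _ := Sign(alice, msg)
	fmt.Println("alice's key verifies:", Verify(&alice.PublicKey, msg, sig))
	fmt.Println("bob's key verifies:  ", Verify(&bob.PublicKey, msg, sig))
	fmt.Println("altered message:     ", Verify(&alice.PublicKey, append([]byte{}, append(msg, '!')...), sig))
}
```

Note that RSA encryption is only used here for a short message; real protocols encrypt a random symmetric key this way and use AES for the bulk data, which is exactly how TLS and IPsec combine the two kinds of cryptography.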

Certificates

Certificates provide digital identification and a mechanism to establish trust. We can think of a certificate as a driver's license or government-issued ID card. The trusted root authority can be thought of as the government in this example, and the license or ID as the certificate. When someone checks our ID to verify our identity, they are really trusting the authority that issued that ID. Likewise, when a certificate is issued by a trusted authority, we can trust that the public key in the certificate really belongs to the identity named in it, to the extent that we trust the issuing authority.

Also known as digital certificates or X.509 certificates, these are widely used by websites to prove their identity to the web browser. Certificates can also be used for mutual authentication, where not only does the browser verify the website's certificate, but the website also requires and verifies a certificate presented by the client, so each side proves its identity to the other.

Public Key Infrastructure (PKI) is the set of roles, policies, and software used to issue, distribute, and revoke certificates, whether the issuer is public or private. A Certificate Authority (CA) is the component that validates certificate signing requests (CSRs) and returns signed certificates to the requesting party. Verisign, Thawte, and Digicert are examples of public CAs, meaning a certificate issued by them is trusted by the majority of commercial web browsers by default because the CA's root certificate ships with the browser or operating system. A private CA is usually set up within a corporate network, and the certificates it issues are trusted only by machines on which its root certificate has been installed, typically the organization's own systems.
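The private-CA model described in this section, as an added example that is not code from the book or from VMware: a self-signed root is created, it issues a server certificate for a host name, and a client accepts that certificate only when the root is in its trust store and the name matches. The CA names, the host name vcenter.corp.example, and the choice of ECDSA P-256 keys are assumptions made for this illustration; the same checks apply to an RSA-based CA.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// NewRootCA creates a private root: a self-signed CA certificate signed by its
// own private key. Installing this certificate in a trust store is what makes
// a machine trust everything the CA issues.
func NewRootCA(name string) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: name, Organization: []string{"Example Corp"}},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().AddDate(10, 0, 0),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
	}
	// parent == template means self-signed.
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// IssueServerCert plays the CA's role in answering a request: it binds a freshly
// generated public key to dnsName and signs that binding with the CA's private key.
func IssueServerCert(ca *x509.Certificate, caKey *ecdsa.PrivateKey, dnsName string) (*x509.Certificate, error) {
	leafKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 64))
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: serial,
		Subject:      pkix.Name{CommonName: dnsName},
		DNSNames:     []string{dnsName},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().AddDate(1, 0, 0),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, ca, &leafKey.PublicKey, caKey)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// VerifyChain does what a browser or vSphere client does when it connects:
// accept the leaf only if it chains to a root in the local trust store AND
// its name matches the host that was requested.
func VerifyChain(leaf *x509.Certificate, trusted []*x509.Certificate, host string) error {
	pool := x509.NewCertPool() // an empty (non-nil) pool: the system roots are NOT consulted
	for _, c := range trusted {
		pool.AddCert(c)
	}
	_, err := leaf.Verify(x509.VerifyOptions{Roots: pool, DNSName: host})
	return err
}

func main() {
	corpCA, corpKey, _ := NewRootCA("Example Corp Private Root CA")
	otherCA, otherKey, _ := NewRootCA("Some Other Private CA")
	host := "vcenter.corp.example" // constructed host name

	leaf, _ := IssueServerCert(corpCA, corpKey, host)
	rogue, _ := IssueServerCert(otherCA, otherKey, host) // same name, untrusted issuer

	fmt.Println("trusted root, right host:", VerifyChain(leaf, []*x509.Certificate{corpCA}, host))
	fmt.Println("trusted root, wrong host:", VerifyChain(leaf, []*x509.Certificate{corpCA}, "esxi-01.corp.example"))
	fmt.Println("root not installed:      ", VerifyChain(leaf, nil, host))
	fmt.Println("issued by an unknown CA: ", VerifyChain(rogue, []*x509.Certificate{corpCA}, host))
}
```

The last case is the one that matters operationally: a certificate with exactly the right host name is still rejected when the CA that signed it is not in the trust store, which is why replacing vSphere certificates with ones from a private CA also means distributing that CA's root certificate to every client that must trust them.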

Virtual Private Networks

Virtual Private Networks (VPN) provide an encrypted tunnel between two endpoints, so that traffic inside the tunnel is protected from observation and tampering by anything on the network outside it. There are two main types of VPN tunnel in use today: IPsec and SSL. IPsec stands for Internet Protocol Security and operates at the network layer, protecting IP packets themselves; SSL stands for Secure Sockets Layer, and SSL VPNs today actually run on its successor, Transport Layer Security (TLS), carrying the tunnel over a TLS connection.
