With companies like Citrix and VMware having multibillion dollar valuations, virtualization is a hot piece of software technology. But not every company deploying it knows of the security risks involved with virtualization, hypervisors and other parts of the technology. Virtualization significantly changes how firms must deal with information security.
Firms love virtualization due to the significant cost savings it brings. But in the rush to save costs, security is often compromised when the hypervisor and other virtualization controls are incorrectly configured.
In Virtualization Security: Protecting Virtualized Environments, Dave Shackleford of the SANS Institute provides an excellent how-to guide to ensure that the security configuration on your hypervisor are indeed configured correctly, to ensure that the underlying hypervisor security controls are indeed working as it should be.
Shackleford is an instructor for the 6-day SANS 579: Virtualization and Private Cloud Securitycourse, and brings his expertise to the book. While the book is no substitute for the intensive class, it does cover all of the key areas.
The book provides a thorough overview of all of the main topics around virtualization security. It details the specific threats and vulnerabilities that are unique to a virtualized environment.
Other chapters provide specific configuration details for the 3 leading hypervisors, namely VMware vSphere and ESXi, Microsoft Hyper-V and Citrix XenServer.
For anyone concerned with ensuring their hypervisor is securely configured, and also wants to know the fundamentals around virtualization security, Virtualization Security: Protecting Virtualized Environments is an invaluable read written by one of the leading experts in the field.