Welcome back to Cybrary. I'm your subject matter expert, Kelly Handerhan, and we're continuing with our CompTIA Advanced Security Practitioner certification class. We're on to the topic of enterprise computing. This is a huge topic on the exam, and it has a little bit of everything.
It pulls together basic network fundamentals. We talk about virtualization, storage solutions on the network, network topologies, protocols and standardization, and identity management. So there's a lot of good material here. You want to make sure that this is a domain that you really focus your efforts on, and that you're solid on all of the details.
So when we talk about what we're going to cover, like I mentioned, we're going to start off with virtualization. We'll talk about the benefits of virtualization, a little bit about the origins of virtualization, and then some of the security concerns.
Next, enterprise storage solutions and their security implications: whether we're storing locally on our network or sending our storage up to the cloud, whatever that may be, we've got to think about the security requirements and considerations. Then how to design and deploy a secure network infrastructure, and how to secure our enterprise applications. That could be a six-month course, certainly, but we're going to hit some of the basics and the main things to think about.
And then advanced authentication concepts. When we talk about authentication and authenticity, we want to be able to verify an identity, and an identity is just a claim. I claim to be Kelly Handerhan, but you want to follow that up with proof of that claim. So we're going to look at some of the protocols and some of the mechanisms that will provide that additional authentication.
All right, so let's start off with virtualization, which is becoming very, very popular today and has been popular for a number of years. When a lot of people think about virtualization, they might think about VMware, or Microsoft's product, Hyper-V. But virtualization has been around for a long, long time.
If you go back to the days of DOS, and that's a little while back, DOS was our main operating system, and we had applications designed to run in DOS. Those applications wanted to run in DOS.
Now, going back a little while again, we might have wanted Windows 95 on our desktops because of ease of use for end users. But we had these applications that wanted to run in DOS. So what was the solution? Built into Windows 95 was a DOS virtual machine, or DVM. The DOS-based applications would run in the context of that virtual machine, and what we were doing was basically tricking the application into thinking it ran on DOS. So that's an idea that's been around for years and years, decades, and it has now come to the forefront as far as solutions go for supporting an enterprise environment.
When we talk about virtualization, there are three main types to consider: server virtualization, desktop virtualization, and application virtualization. All three of those have their benefits.
Now let's start off by talking about server virtualization. One of the things that I was involved in when I worked with the Foreign Service Institute was the back-end server room. We had something like 17 physical servers, and the reason we had all of those physical servers is that we had certain services that would conflict with other services. There were certain services you didn't want to put on the same machine together, because they either interfered with each other or there was the potential for conflict.
So in the past you had several different possibilities, but one of the easiest, at least from a server standpoint, was just to have separate physical boxes. We've had issues like this for a long time. I remember at one point in time dual-boot systems were very, very popular. You would have one server application that wanted to run on Windows 2000 and a different application that wanted to run on Linux.
Well, the solution before virtualization was brought mainstream was to have a Linux box and a Windows box: Windows app on the Windows box, Linux app on the Linux box. But of course the problem with that is cost and expense. It takes a lot of money to have 17 different boxes, to keep them maintained and to keep them upgraded as necessary, and it takes a lot of space in your server room.
So with VMware and with Hyper-V, both products that provide virtualization, the idea is individual software-based systems. We have a logical system on a physical box, and we might have 10 logical systems on it. The whole purpose of virtualization is isolation.
With something like VMware, for instance, we can create multiple virtual machines. Every virtual machine gets its own operating system, and each operating system operates within its own confines, so you get that isolation across platforms. So we went from something like 17 servers down to five physical servers. That saves on hardware cost, saves space, and it was very beneficial.
Now, if you do think about it, though, going from 17 servers to five servers saves money, but we are running multiple logical servers on the same physical box. We're making all of those servers dependent upon one set of physical hardware, so you've got a single point of failure that might take down your DNS server, your database server, your DHCP server, your domain controller, whatever elements you have running on the same box.
We think about that as a big concern; we never want to put all our eggs in one basket. If we have five services running on a single machine and we have a hard drive failure, a power supply failure, whatever that might be, it's going to take down all of those services.
There are also attacks on VMs. There are a couple of attacks designed at sniffing out and determining how many VMs are on a system, and those attacks might be testable. They're called Scoopy Doo, as in sniffing out a virtual machine; Red Pill, which goes back to The Matrix; and then there's another one called LDT. Scoopy Doo and Red Pill sniff out a virtual machine. They're not really an attack on the virtual machine, but it's in my best interest as an attacker to know how many VMs you're running on a system: if you've got six VMs running on a single system, that might be a really good target to think about for denial of service.
There's also an attack called VM escape, where the idea is you might have a VM that's connected to the Internet, and if I compromise that VM, through VM escape I can operate not just in your VM, but I can access the host operating system and thereby access other virtual machines as well. So we want to be concerned about those threats, and we know that there is no solution that fixes every problem. Virtualization is very valid, it's very helpful, and it has a profound cost-savings potential. But we realize that there are some things that are better off isolated on their own physical system, and sometimes with that physical system pulled off the network.
For instance, something like certificate authorities, which we talk about with cryptography: if you have a root certificate authority and you're doing your own PKI internally, it's best to take that root certificate authority off the network. Not just another virtual machine that's shut down, but take it off the network. I'm a big believer that some things really need to be physically isolated instead of just virtually isolated.
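The two placement risks just described, a host that becomes a single point of failure for many services and an Internet-facing guest sharing hardware with a high-value system (the blast radius of a VM escape), can be turned into a repeatable review of a VM inventory. The script below is an added example, not part of the lecture or any vendor's tooling; the inventory, the role names, and the threshold of three critical guests per host are constructed assumptions.

```python
"""Added example: review VM placement against the lecture's two concerns.

Finding 1: a host carrying more critical guests than we can afford to lose
           to one hardware failure (single point of failure).
Finding 2: an Internet-exposed guest co-located with a high-value guest
           (a VM escape on the exposed guest reaches the valuable one).
Finding 3: a role the lecture says belongs on isolated, off-network
           hardware (an internal root CA) running as a VM at all.
Inventory, role names and threshold are constructed for illustration.
"""
from collections import defaultdict

# Constructed inventory: (vm_name, host, role, internet_exposed)
INVENTORY = [
    ("dc01",   "esx-a", "domain-controller", False),
    ("dns01",  "esx-a", "dns",               False),
    ("dhcp01", "esx-a", "dhcp",              False),
    ("db01",   "esx-a", "database",          False),
    ("web01",  "esx-a", "web",               True),
    ("web02",  "esx-b", "web",               True),
    ("file01", "esx-b", "file",              False),
    ("rootca", "esx-c", "root-ca",           False),
]

# Assumed classification: what counts as high-value, what a hardware failure
# must not take down all at once, and what should never be a guest.
HIGH_VALUE = {"domain-controller", "database", "root-ca"}
CRITICAL_ROLES = HIGH_VALUE | {"dns", "dhcp"}
OFFLINE_ONLY = {"root-ca"}
MAX_CRITICAL_PER_HOST = 3  # assumption: tolerable fan-in of one host failure


def review_placement(inventory, max_critical=MAX_CRITICAL_PER_HOST):
    """Return a list of (host, finding_text) tuples, ordered by host name."""
    by_host = defaultdict(list)
    for vm, host, role, exposed in inventory:
        by_host[host].append((vm, role, exposed))

    findings = []
    for host, guests in sorted(by_host.items()):
        # Single point of failure: every guest here shares one set of hardware.
        critical = [vm for vm, role, _ in guests if role in CRITICAL_ROLES]
        if len(critical) > max_critical:
            findings.append((host, "single point of failure: %d critical guests (%s)"
                             % (len(critical), ", ".join(critical))))

        # VM escape blast radius: exposed guest next to a high-value guest.
        exposed = [vm for vm, _, is_exposed in guests if is_exposed]
        valuable = [vm for vm, role, _ in guests if role in HIGH_VALUE]
        if exposed and valuable:
            findings.append((host, "exposed guest(s) %s co-located with high-value %s"
                             % (", ".join(exposed), ", ".join(valuable))))

        # Roles the lecture wants physically isolated and off the network.
        for vm, role, _ in guests:
            if role in OFFLINE_ONLY:
                findings.append((host, "%s (%s) should be on isolated physical "
                                       "hardware, off the network, not a guest" % (vm, role)))
    return findings


if __name__ == "__main__":
    for host, text in review_placement(INVENTORY):
        print("%-6s %s" % (host, text))
```

Run as-is it reports esx-a twice (four critical guests, and the exposed web01 beside dc01 and db01) and esx-c once for the virtualized root CA; esx-b, which only carries web and file guests, passes. Feed it a real inventory export and adjust the role sets to match your own classification.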
All right, so server virtualization is very, very helpful, and really it's gotten us away from the need to dual-boot systems like we used to. I remember back when Windows 2000 came out, and this was just for my home system, I had been running Windows 98 Second Edition as a client, and my printer only worked on Windows 98 Second Edition. They didn't have a driver that worked with Windows 2000 yet. So what I actually did at home was set up a dual-boot system, which was very cumbersome: if I needed to print, I'd boot into Windows 98, and if I didn't need to print, I'd boot into Windows 2000.
Yeah, that was a cumbersome solution. But at the time, if you go back to the early 2000s, before people were really trained and knowledgeable about virtualization, that was a viable solution, and it was not unusual at all to see dual-boot servers in the back end, sometimes even tri-boot servers, depending on what services were necessary. So server virtualization is a big help.
Now, desktop virtualization. Desktop virtualization has been around for a long time, too. As a matter of fact, if you go back to mainframe environments, we had the mainframe in the big glass house, protected, and that was the system on which all processing happened. But what was on client desktops? What sat on their desks? A terminal. That's what desktop virtualization does: it shows me the desktop as if I'm sitting in front of the actual machine that's doing the processing, but I'm not; I'm on a dumb terminal.
As a matter of fact, one of the things that I always find funny is that the more things change, the more they stay the same. Many times our solutions come full circle. You go back to the eighties, where we had mainframe environments and dumb terminals, and then all of a sudden we went to a distributed environment where we had client-server. We had PCs on the desktop and they could do their own processing. That was such a great solution, so we all moved over to distributed computing.
And now you hear the buzzword thin client. What is a thin client? Let's take these $2,000 PCs that we have on our desktops and let's make them like a $35 dumb terminal.
It's full circle. So let's go back to desktop virtualization. Why? Well, several reasons. Think about all the updates that applications go through during the course of their life span. If those applications are installed on a terminal server and my clients access that terminal server (I'm sure you've heard of Citrix, and I'm sure you've heard of server farms), the idea is that these clients are connecting into a system, and it's that system that actually hosts the application. So what system do I have to update? Just the terminal server. What system has to be configured? Just the terminal server.
That's the idea of thin clients. You can go bankrupt trying to keep up with the latest and greatest hardware; if I'm trying to equip 200 client computers with eight gigs of RAM, a 3.5 gig multi-core processor, and solid-state drives, I'll go bankrupt. But if I invest my money, effort, and energy on the back-end server and have a very robust set of hardware there, focusing all my efforts on a single server, then I'm able to have clients where the hardware is not essential, or not as essential. That's why we call them thin clients.
So that's desktop virtualization. It simply means I connect into a server, and when I access my screen, it looks as if I'm accessing the actual server. I am accessing the actual server, but it appears as if I'm sitting in front of it, which of course I'm not.
All right. The next is application virtualization. When we talk about application virtualization, there are some applications that just do not play nicely together. They may fight over DLLs, or they may overwrite certain files from a previous installation. A good example might be: let's say our accounting team needs to run both Office 2007 and Office 2010 on the same systems. Well, Office 2010 is designed to upgrade 2007; it's not really designed to coexist with it. So you can find, when you do that installation, that you have files that are overwritten, and now 2007 doesn't work all of a sudden.
Well, you have application virtualization programs like, I believe it's called App-V (it used to be called SoftGrid), a Microsoft product that gives each application its own separate space and its own set of resources, so that you don't have to have a full virtual machine. Certainly a virtual machine would fix that too, but then I have to install a full virtual machine, I have to install a secondary operating system, and I have to have all the resources for that secondary operating system. So again, there are often many ways to do the same thing; it comes down to finding the way that's most efficient. If it's just a matter of two applications that don't like to coexist, I'll use application virtualization.
So, the pros and cons. This is a way of saving money, a way of streamlining, and a way of isolating tasks and applications that don't work very well together. The downside is that you may need additional system resources, and running the same programs, services, and applications on the same system again goes back to that single point of failure. So there are always pros and cons, and what drives my decision is cost-benefit analysis: are the risks justified by the benefits? Just like anything else, with server virtualization, application virtualization, and desktop virtualization, you would consider those elements.