Hi Guys,
Tim Pierson here. I am the developer of the course described above. Thanks for your interest in the course. Yes, it is being rolled out to Europe this fall at TSTC.nl and Sequrit.nl. It will also be taught in German, French, and Spanish using English materials late this quarter. The course is currently available in many areas in the US. Just Google the title below in bold and you can check out the nearest partner who is delivering it in your area. The course title is actually, Hacking Uncovered:VMware - What every system administrator should know. The Hacking Uncovered part was used to make it catchy.
The title was a little long so we shortened it to: Hacking Uncovered:VMware.
Let me give you a little history of why I did this.
First off let me say that VMware is probably one of the most secure environments I have ever worked with, given that it is installed in a secure manner. Period! It is NOT secure out of the box taking the defaults in my opinion. I wanted to find a way to bring this to the attention of the public who uses this great product.
A lot of thought went into the development of this course. I have been a professional hacker for many years. Now if I wanted to defame this fantastic product ...then of course I could post quite a few of my exploits theorized by Texiwill in his book and some new ones I have uncovered in development of the course on a YouTube video. For example how to steal credentials from your Virtual Center and Hosts during the login process. Even the complex password protected vpxuser that connects the Host to the VC can be stolen by simply rebooting the Host and waiting for it to drop this in your lap utilizing one of the modified tools I wrote for this purpose. But this course is not about providing Hackers ammunition, it is about securing our DataCenters. It should be noted that in VMware's defense the above is possible only given the right conditions, and you would have to have access to the network segment that the VC and Host are on. The unfortunate truth is that in my research this setup is all too common. Once the complex password is obtained it is easy to simply log directly into the host using the vpxuser and stolen complex password.
A sample of an actual intercept is posted below.
xmlns="urn:vpxa3"><_this type="VpxapiVpxaService">vpxa</_this><userName>vpxuser</userName>
<password>BkG532dfy6e4yxc64u75iD3-b6:F8]d28\lBk=b{2993H[ragolor</password><soapPort>443</soapPort><hostIp>172.16.4.40</hostIp></LoginVpxa>-----
If you would like to see a video clip of the above attack please email me privately. I can't guarantee that I can send it but I will try. VMware has not yet addressed all these issues and to be considerate we have agreed to keep some of these attacks under wraps and not published to the general public.
Texiwill and I showed this to VMware at VMWorld and since then we have been exchanging emails with the security department so they can recreate and address this. We will show you those exploits and you will do this yourself in the class so that you can have first hand knowledge of how easy it might be to fall victim to this in your environment and correct the situation before it exists.
Most Security people are new to the virtual environment. Naturally they do not trust it. Which is how it should be. Most Security people don't have the time or equipment to test each scenario of how it should be deployed and usually rely on best practices. This is a good way to get started, but when virtualization software, like VMware starts thinking outside the box (which they should) and tells you that you can now feel safe running all things on one host including your DMZ environment most security people are skeptical (as they should be).
I wanted to create a lab environment to set up each of these scenarios, from logging in to manage the environment to accessing remote data stores, and the necessity of creating a trusted root certificate for your environment by having the student attack each of these scenarios. Also showing that under some conditions even if all things were done correctly according to best practices you still could be vulnerable.
When I wrote the course I tried to approach it from the perspective of how an attacker would obtain access to your virtual environment because I am a professional hacker. I often tell my attendees at my speaking engagements: "How can I possibly tell you how to protect your home unless I first show you how the burglar breaks into it?"
So to make the class interesting the students put on their "Black Hats" and actually break into the environment using common hacking tools and some that I specially created or modified to work in the virtual environment. I do this in order to drive home the point of how easy this would be for an attacker to accomplish this same thing. Most people are amazed at how vulnerable they actually are and immediately take steps to fix these problems in their own environment.
That was the entire reason for writing the class and to draw attention to this very important topic. A topic I feel that if not addressed will be the downfall of the datacenter and could possibly lead to the next 911 this time in the electronic world because of lax or misunderstood security measures that are all too easy to set up in the virtual environment.
As most of you know System Administrators and Security Personnel are usually two different groups in a physical environment. But when we move to the virtual environment each must share a lot of the same responsibilities. Unfortunately a good number of Security people are not familiar with the virtual environment and it is just human nature to either blame or at least not trust something that you are not familiar with. I wanted to create a classroom environment where both the security people and the system administrators can try all of the tests and discover "on their own" in prewritten lab exercises how safe or in some cases how vulnerable they are using the various settings in VMware. Just as most security admins I was always the type of person that will believe it if you show it to me, and more importantly remember it if you scare me! But if you just mention that this could happen in theory it is often passed off as, "Well that could not really happen to me". I wanted to create an environment where the students, be they System Administrators or Security Personnel could test each area that "Texiwill" exposed in his book of which I am a contributor.
"VMware vSphere™ and Virtual Infrastructure Security: Securing ESX and the Virtual Environment" ISBN-10: 0137158009 Pearson Publishing. So there you go Ed!
They would then know firsthand what to feel safe about or what they need to immediately fix.
I did not post this for sales purposes or to try and drive people to the class. I genuinely wish to draw attention to this critical deficit in our datacenters. If handled correctly we can all enjoy a more secure environment while achieving all the benefits virtualization has to offer. This course is not about hacking into VMware it is about stopping the attacker from doing just that.
Hope this helps, but if you have questions please email me.
TJPierson@Data-Sentry.com or
TPierson@VMTraining.net
Any responses and comments are welcomed!
DataJock78.