Virtualization for Security: Including Sandboxing, Disaster Recovery, High Availability, Forensic Analysis, and Honeypotting (Paperback)

John Hoopes

  • 出版商: Syngress Media
  • 出版日期: 2008-12-01
  • 定價: $1,980
  • 售價: 6.0$1,188
  • 語言: 英文
  • 頁數: 384
  • 裝訂: Paperback
  • ISBN: 1597493058
  • ISBN-13: 9781597493055
  • 相關分類: 資訊安全
  • 立即出貨 (庫存 < 3)

買這商品的人也買了...

商品描述

One of the biggest buzzwords in the IT industry for the past few years, virtualization has matured into a practical requirement for many best-practice business scenarios, becoming an invaluable tool for security professionals at companies of every size. In addition to saving time and other resources, virtualization affords unprecedented means for intrusion and malware detection, prevention, recovery, and analysis. Taking a practical approach in a growing market underserved by books, this hands-on title is the first to combine in one place the most important and sought-after uses of virtualization for enhanced security, including sandboxing, disaster recovery and high availability, forensic analysis, and honeypotting.

Already gaining buzz and traction in actual usage at an impressive rate, Gartner research indicates that virtualization will be the most significant trend in IT infrastructure and operations over the next four years. A recent report by IT research firm IDC predicts the virtualization services market will grow from $5.5 billion in 2006 to $11.7 billion in 2011. With this growth in adoption, becoming increasingly common even for small and midsize businesses, security is becoming a much more serious concern, both in terms of how to secure virtualization and how virtualization can serve critical security objectives.

Titles exist and are on the way to fill the need for securing virtualization, but security professionals do not yet have a book outlining the many security applications of virtualization that will become increasingly important in their job requirements. This book is the first to fill that need, covering tactics such as isolating a virtual environment on the desktop for application testing, creating virtualized storage solutions for immediate disaster recovery and high availability across a network, migrating physical systems to virtual systems for analysis, and creating complete virtual systems to entice hackers and expose potential threats to actual production systems.

About the Technologies

A sandbox is an isolated environment created to run and test applications that might be a security risk. Recovering a compromised system is as easy as restarting the virtual machine to revert to the point before failure. Employing virtualization on actual production systems, rather than just test environments, yields similar benefits for disaster recovery and high availability. While traditional disaster recovery methods require time-consuming reinstallation of the operating system and applications before restoring data, backing up to a virtual machine makes the recovery process much easier, faster, and efficient. The virtual machine can be restored to same physical machine or an entirely different machine if the original machine has experienced irreparable hardware failure. Decreased downtime translates into higher availability of the system and increased productivity in the enterprise.

Virtualization has been used for years in the field of forensic analysis, but new tools, techniques, and automation capabilities are making it an increasingly important tool. By means of virtualization, an investigator can create an exact working copy of a physical computer on another machine, including hidden or encrypted partitions, without altering any data, allowing complete access for analysis. The investigator can also take a live ?snapshot? to review or freeze the target computer at any point in time, before an attacker has a chance to cover his tracks or inflict further damage.

A honeypot is a system that looks and acts like a production environment but is actually a monitored trap, deployed in a network with enough interesting data to attract hackers, but created to log their activity and keep them from causing damage to the actual production environment. A honeypot exposes new threats, tools, and techniques used by hackers before they can attack the real systems, which security managers patch based on the information gathered. Before virtualization became mainstream, setting up a machine or a whole network (a honeynet) for research purposes only was prohibitive in both cost and time management. Virtualization makes this technique more viable as a realistic approach for companies large and small.

* The first book to collect a comprehensive set of all virtualization security tools and strategies in a single volume
* Covers all major virtualization platforms, including market leader VMware, Xen, and Microsoft's Hyper-V virtualization platform, a new part of Windows Server 2008 releasing in June 2008
* Breadth of coverage appeals to a wide range of security professionals, including administrators, researchers, consultants, and forensic

商品描述(中文翻譯)

在過去幾年中,虛擬化一直是IT行業中最熱門的詞彙之一,已經成熟並成為許多最佳業務場景中的實際需求,對於各種規模的公司的安全專業人員來說,它成為一個無價的工具。虛擬化不僅節省時間和其他資源,還提供了前所未有的手段來檢測、預防、恢復和分析入侵和惡意軟件。本書以實用的方式探討了虛擬化在增強安全性方面的最重要和最受追捧的用途,包括沙盒、災難恢復和高可用性、法庭鑑識分析和蜜罐等。

根據Gartner的研究,虛擬化將成為未來四年IT基礎設施和運營中最重要的趨勢。IT研究公司IDC的最新報告預測,虛擬化服務市場將從2006年的55億美元增長到2011年的117億美元。隨著虛擬化在中小型企業中的普及,安全性正變得更加嚴重,無論是如何保護虛擬化還是虛擬化如何實現關鍵安全目標。

雖然已經有一些書籍填補了保護虛擬化的需求,但安全專業人員還沒有一本書概述虛擬化的許多安全應用,這些應用在他們的工作要求中將變得越來越重要。本書是第一本填補這一需求的書籍,涵蓋了許多戰術,例如在桌面上為應用程序測試隔離虛擬環境,為網絡上的災難恢復和高可用性創建虛擬化存儲解決方案,將物理系統遷移到虛擬系統進行分析,以及創建完整的虛擬系統來吸引黑客並暴露對實際生產系統的潛在威脅。

關於技術方面,沙盒是一個創建的隔離環境,用於運行和測試可能存在安全風險的應用程序。恢復受到破壞的系統只需重新啟動虛擬機器,即可恢復到故障之前的狀態。在實際生產系統中使用虛擬化,而不僅僅是測試環境,可以為災難恢復和高可用性帶來類似的好處。傳統的災難恢復方法需要耗時的重新安裝操作系統和應用程序,然後才能恢復數據,而備份到虛擬機器可以使恢復過程更加簡單、快速和高效。虛擬機器可以恢復到同一台物理機器,或者如果原始機器發生不可修復的硬件故障,則可以恢復到完全不同的機器。減少停機時間可以提高系統的可用性,提高企業的生產力。

虛擬化多年來一直被用於法庭鑑識分析領域,但新的工具、技術和自動化能力使其成為一個越來越重要的工具。通過虛擬化,調查人員可以在另一台計算機上創建一個完全相同的物理計算機的工作副本,包括隱藏或加密的分區,而不會更改任何數據,從而可以進行完整的分析。調查人員還可以進行實時“快照”,以在攻擊者有機會掩蓋蹤跡或造成進一步損害之前,對目標計算機進行審查或凍結。

蜜罐是一個看起來和真實生產環境相同,但實際上是一個受監控的陷阱系統,部署在一個具有足夠有趣數據的網絡中,以吸引黑客,但旨在記錄他們的活動並防止對實際生產環境造成損害。蜜罐可以暴露黑客使用的新威脅、工具和技術,使安全管理人員能夠在他們攻擊真實系統之前了解到這些威脅。

以上是本書的內容概述,介紹了虛擬化在增強安全性方面的重要應用。