Practical audit advice you can use today.
# 32 : Auditing the Cloud!
Virtualization is here to stay. That's not to say it's a bad thing, but among the things that we spend some time talking about in the SANS Audit 507 course are the most common and most serious security mis-configurations and hazards that we find in virtualized environments. Also in the course we spend time demystifying the VMWare Best Practices guide and give super clear reasons why some of what it recommends is just plain old bad advice!
This video, however, gives you a brief 34 minute look at one of the lab exercises in that audit/security course. The lab will give you broad-brush familiarity with the vSphere management client, discuss common issues in ESXi configurations in addition to demonstrating how to get specific data that is related to some of the more common problem areas in these systems. For a more detailed discussion into this topic and many others you might consider this class: http://www.sans.org/course/auditing-networks-perimeters-systems
© 2011, David Hoelzer & EnclaveForensics