| | |  | Computer Security | Home » » Virtualization for Security: Including Sandboxing, Disaster Recovery, High Availability, Forensic Analysis, and Honeypotting | | | | | | | Product Promotions: | | | | | Description: | | One of the biggest buzzwords in the IT industry for the past few years, virtualization has matured into a practical requirement for many best-practice business scenarios, becoming an invaluable tool for security professionals at companies of every size. In addition to saving time and other resources, virtualization affords unprecedented means for intrusion and malware detection, prevention, recovery, and analysis. Taking a practical approach in a growing market underserved by books, this hands-on title is the first to combine in one place the most important and sought-after uses of virtualization for enhanced security, including sandboxing, disaster recovery and high availability, forensic analysis, and honeypotting.
Already gaining buzz and traction in actual usage at an impressive rate, Gartner research indicates that virtualization will be the most significant trend in IT infrastructure and operations over the next four years. A recent report by IT research firm IDC predicts the virtualization services market will grow from $5.5 billion in 2006 to $11.7 billion in 2011. With this growth in adoption, becoming increasingly common even for small and midsize businesses, security is becoming a much more serious concern, both in terms of how to secure virtualization and how virtualization can serve critical security objectives.
Titles exist and are on the way to fill the need for securing virtualization, but security professionals do not yet have a book outlining the many security applications of virtualization that will become increasingly important in their job requirements. This book is the first to fill that need, covering tactics such as isolating a virtual environment on the desktop for application testing, creating virtualized storage solutions for immediate disaster recovery and high availability across a network, migrating physical systems to virtual systems for analysis, and creating complete virtual systems to entice hackers and expose potential threats to actual production systems.
About the Technologies
A sandbox is an isolated environment created to run and test applications that might be a security risk. Recovering a compromised system is as easy as restarting the virtual machine to revert to the point before failure. Employing virtualization on actual production systems, rather than just test environments, yields similar benefits for disaster recovery and high availability. While traditional disaster recovery methods require time-consuming reinstallation of the operating system and applications before restoring data, backing up to a virtual machine makes the recovery process much easier, faster, and efficient. The virtual machine can be restored to same physical machine or an entirely different machine if the original machine has experienced irreparable hardware failure. Decreased downtime translates into higher availability of the system and increased productivity in the enterprise.
Virtualization has been used for years in the field of forensic analysis, but new tools, techniques, and automation capabilities are making it an increasingly important tool. By means of virtualization, an investigator can create an exact working copy of a physical computer on another machine, including hidden or encrypted partitions, without altering any data, allowing complete access for analysis. The investigator can also take a live ?snapshot? to review or freeze the target computer at any point in time, before an attacker has a chance to cover his tracks or inflict further damage.
A honeypot is a system that looks and acts like a production environment but is actually a monitored trap, deployed in a network with enough interesting data to attract hackers, but created to log their activity and keep them from causing damage to the actual production environment. A honeypot exposes new threats, tools, and techniques used by hackers before they can attack the real systems, which security managers patch based on the information gathered. Before virtualization became mainstream, setting up a machine or a whole network (a honeynet) for research purposes only was prohibitive in both cost and time management. Virtualization makes this technique more viable as a realistic approach for companies large and small.
* The first book to collect a comprehensive set of all virtualization security tools and strategies in a single volume
* Covers all major virtualization platforms, including market leader VMware, Xen, and Microsoft's Hyper-V virtualization platform, a new part of Windows Server 2008 releasing in June 2008
* Breadth of coverage appeals to a wide range of security professionals, including administrators, researchers, consultants, and forensic | | | Product Details: | | | Author:
| John Hoopes | | Paperback:
| 384 pages | | Publisher:
| Syngress | | Publication Date:
| December 26, 2008 | | Language:
| English | | ISBN:
| 1597493058 | | Product Length:
| 8.94 inches | | Product Width:
| 7.53 inches | | Product Height:
| 0.89 inches | | Product Weight:
| 1.71 pounds | | Package Length:
| 9.2 inches | | Package Width:
| 7.4 inches | | Package Height:
| 1.1 inches | | Package Weight:
| 1.7 pounds | | Average Customer Rating:
|  based on 3 reviews |
| | | | Customer Reviews: | |
Average Customer Review:
 ( 3 customer reviews )
Write an online review and share your thoughts with other customers.
Most Helpful Customer Reviews
1 of 1 found the following review helpful:
 Promising and insightful, but shortsighted.Dec 04, 2009
By Joseph W. Shaw II
"Lover of books and information."
As the name implies, this is a collection of writings on the various uses of virtualization in the context of computer security. And while it does provide a decent amount of information to get you started using virtualization in the various areas of computer security discussed, it does a poor job of exploring the various options available to the security practitioner. Furthermore, while the book description claims to cover all major and widely deployed virtualization products, it makes only brief mention of XEN on page 57, where it discusses the caveats of paravirtualization, and it is never touched upon again. Microsoft Hyper-V is given the same treatment, appearing only once on pages 153-154 where it talks about limiting network traffic from virtual machines. This is disappointing when it the book states it covers VMware, XEN, and Microsoft Hyper-V, then only mentions XEN and Hyper-V briefly and in no real detail.
Of course, that is not to say that this book is not valuable, because it is a useful resource if you wish to use virtualization for security tasks such as research or investigations, and it discusses in good detail some of the caveats of using virtualization for those tasks, especially in malware investigation. There are also some great real-world examples of what tools to use and how to use them for various tasks. But, the book concentrates nearly its entire focus on using VMWare, and if you are interested in using other tools like XEN, as I am, you will be disappointed. Some of the details covered in the book about virtualization in general will be helpful with running XEN virtualization for security, but you will need to look at other resources for the details on how to get that running and how to use it, because this book simply does not address it. The book also lacks a bit of cohesion, since it is the collected and edited works of several disparate authors. I could forgive the cohesion issue if it existed on its own, because it is to be expected with this type of book, but the cost of the book coupled with the lack of details on products outside of the VMware family is disappointing enough to give it only three stars.
 Overpromise; UnderdeliverApr 28, 2010
By C. L. Brooks
"Security curmudgeon"
This book reminds me why I rarely buy any Syngress publication any more. I've found that all too frequently Syngress titles over-promise and under-deliver. The same is true for this book. Others have commented on the dearth of information concerning Xen, Hyper-V, or VirtualBox, as well as the CWSandbox tool not being freely available. I myself am OK with focusing solely on VMware, but the version covered is this book is out of date, and several security additions to the platform (such as VMSafe and vShield) aren't covered. Details are missing that would be useful to the practitioner: consider the section on in Chapter 14, "Training," entitled "Suggested Vulnerabilities for Linux." Turning to this section lists exactly one: a modification to an FTP server such that permits an anonymous user access to a user's home directory.
There's also the issue of filler. Let me quote. "Finally, a number of packages were installed which had known buffer overflow issues. Again, these were packages with known buffer management issues." Is there an echo in here? Not to mention the over-size typeface and the pages with a single screen-shot.
It also annoys me no end that the back cover announces in red-accented type: "Buy this book and Syngress gives you access to the e-book version -- FREE!" Go ahead and visit, and try to "find the directions for activating ..." I for one could not.
So: there are some nuggets worth mining in this book, especially if you're new to the whole area of V12n and Security. If you have on-line subscription for technical books, such as Safari, it may be worth a look. But save your hard-earned currency and book-shelf space for some other book.
Recommendation? OK read, no buy.
Decent book but CWSandbox is not offered for free which affects Chapters 3 & 6Apr 08, 2010
By Dickson Kwong
Overall the book is decent, it covers a variety of topics and fairly in-depth. One of the items that upset me was that the book states in Chapter 3 page 73, that CWSandbox has a research version that is offered for free from Sunbelt software. That is completely false as I called the organization, scoured Google and turned up nothing is offered for free, CWSandbox costs 15k annually. The individual I spoke with at Sunbelt even informed me it was never offered for free ever in its existence, it only offers a reduced cost for academia. So I believe the author got his information wrong or needs to provide where we as readers can get it for free. In addition this affects Chapter 6 which is the malware analysis portion, which demonstrates using CWSandbox, so two chapters are worthless unless you have a copy of CWSandbox. The rest of the book is an interesting read but if you are looking to read this book as I was for the Sandboxing be prepared to be disappointed.
| | |
|
