Tim Pierson here, Yes it is being rolled out to Europe this fall at
TSTC.NL and Sequrit.nl. It will also be taught in German, French, and Spanish using English materials late this quarter. The course is currently avail in many areas in the US currently. Just Google the title below in bold and you can check out the nearest partner who is delivering it in your area. The course title is actually, Hacking Uncovered:VMware - What every system administrator should know. The Hacking Uncovered part was used to make it catchy.
The title was a little long so we shortened it to
Hacking Uncovered:VMware.
Let me give you a little history of why I did this.
First off let me say that VMware is probably one of the most secure environments I have ever worked with, given that it is installed in a secure manner. It is NOT secure out of the box taking the defaults in my opinion. Of course I could post quite a few of my exploits I have uncovered in developing the course on a You Tube video and how to steal credentials from your virtual environment, even the complex password protected vpxuser that connects the Host to the VC by simply rebooting the Host and waiting for it to drop this in your lap. But this is not about providing Hackers ammuntion, it is about securing our DataCenters. Now in VMware' defense the right conditions would have to be met, and you would have to have access to the network segment that the VC and Host are on, but it is alarming none the less. A sample of an actual intercept is posted below.
xmlns="urn:vpxa3"><_this type="VpxapiVpxaService">vpxa</_this><userName>vpxuser</userName><password>*{color:#ff0000}BkGiD3-b6:F8]d28\lBk=b{2993H[rag*{color}</password><soapPort>443</soapPort><hostIp>172.16.4.40</hostIp></LoginVpxa>
Texiwill and I showed this to VMware at VMWorld since then we have been exchanging emails with the security department so they can recreate and address this. We show you those exploits in the class so that you can more easily protect yourself in your environment
Most Security people are new to the virtual environment. Naturally they do not trust it. Which is how it should be. Most Security people don't have the time or equipment to test each scenario of how it should be deployed and usually rely on best practices. This is a good way to get started, but when virtualization software, like VMware starts thinking outside the box (which they should) and tell you that you can now feel safe running all things on one host including your DMZ environment most security people are skeptical (as they should be).
I wanted to create a lab environment to set up each of these scenarios, from logging in to manage the environment to accessing remote data stores, and the necessity of creating a trusted root certificate for your environment by having the student attack each of these scenarios. Also showing that under some conditions even if all things were done correctly according to best practices you still could be vulnerable.
When I wrote the course I tried to approach it from the perspective of how an attacker would obtain access to your virtual environment. I often tell my attendees at my speaking engagements: "How can I possibly tell you how to protect your home unless I first show you how the burglar breaks into it"
So to make the class interesting the students put on their "Black Hat" and actually break into the environment using common hacking tools and some that I specially created or modified to work in the virtual environment. I do this in order to drive home the point of how easy this would be for an attacker to accomplish this same thing. Most people are amazed at how vulnerable they actually are and immediately take steps to fix these problems in their own environment. That was the entire reason for writing the class and to draw attention to this very important topic. A topic I feel that if not address will be the downfall of the datacenter and could possibly lead to the next 911 this time in the electronic world because of lax or misunderstood security measures that are all too easy to set up in the virtual enviroment.
As most of you know Sys Admins and Security Personnel are usually two different groups in a physical environment. But when we move to the virtual environment each must share a lot of the same responsibilities. Unfortunately a good number of Security people are not familiar with the virtual environment and it is just human nature to either blame or at least not trust something that you are not familiar with. I wanted to create a classroom environment where both the security people and the system administrators can try all of the tests and discover* "on their own"* in prewritten lab exercises how safe or in some cases how vulnerable they are using the various settings in VMware. Just as most security admins I was always the type of person that will believe it if you show it to me, and more importantly remember it if you scare me. But if you just mention that this could happen in theory it is often passed off as, "Well that could not really happen to me". I wanted to create an environment where the students, be they System Admins or Security Personnel could test each area that "Texiwill" exposed in his book of which I am a contributor.
They would then know firsthand what to feel safe about or what they need to immediately fix.
I did not post this for sales purposes or to try and drive people to the class. I genuinely wish to draw attention to this critical deficit in our datacenters. If handled correctly we can all enjoy a more secure environment while achieving all the benefits virtualization has to offer. This course is not about hacking into VMware it is about stopping the attacker from doing just that.
Hope this helps, but if you have questions please email me. TJPierson@Data-Sentry.com or TPierson@VMTraining.net
