This course is aimed at existing IT Auditors wishing to extend their skills.
Previous experience of IT auditing would be beneficial.
2 days. Hands on.
Nowadays it's hard to find an organisation that hasn't used virtualisation techniques somewhere in its IT infrastructure, and all IT auditors need to be able to identify and evaluate the additional security and management issues that come with virtualisation.
In this intensive 2-day course, you will learn about the various types of virtualisation, how they work and what benefits and risks they can bring to a business. Using demonstrations of the three most popular virtualisation products, VMware's VSphere, Microsoft's Hyper-V and Citrix XenApp Server, you will see how virtualised data centres are set up and managed and how access to them is controlled and monitored.
You will learn the right questions to ask when auditing a virtualised data centre, how to evaluate the answers, and how to use virtualisation management tools such as PowerShell to generate your own audit scripts to extract data from virtualisation servers. You will also receive an audit programme and some sample scripts to get you started.
The Different Types
How Virtual Machines Work
Advantages and disadvantages of virtualisation.
Risks and benefits of a virtualised infrastructure.
Machine provisioning benefits.
Hardware utilisation benefits.
Business continuity risks and benefits.
Risks of improperly managed virtual machines.
Risks of uncontrolled VM communication.
Risks of dormant and suspended VMs.
Auditing in a virtual machine environment.
Identifying and evaluating controls in a virtualised environment.
Microsoft Hyper-V and VMware VSphere
Virtual Machine Managers - privilege and task management.
VMM console access and its risks.
Auditing ESX servers.
Auditing the VSphere and Hyper-V environments.
Audit scripting with PowerShell.
Storage – NAS and SAN – their advantages and disadvantages.
What risks are associated with each type of technology and what countermeasures are available.
Virtual Desktop Infrastructure
What is it for?
How does it work?
What are the risks and benefits of deploying virtualised applications?
Citrix XenApp Server Administration
Setting up a server farm.
Administration via the Management Console.
Configuring Citrix servers.
Controlling access to applications.
Controlling ICA client access.
Controlling web access to the server farm.
Audit questions to ask.