Banking Technology Connections: July 10, 2012


Welcome to Banking Technology Connections. The goal of the newsletter is to communicate recent trends and issues facing banking technology professionals. If you would like to subscribe to this newsletter and receive it via email, please contact Laura Lozada at llozada@wolfandco.com.

Understanding VMware Logging & Monitoring
Virtualization has become an important component of a financial institution's IT infrastructure. As with any technology, it is important to understand its audit logging. In today's threat environment, it is increasingly important to log as much activity as is technically possible. Logs matter not only during a forensic investigation but also for monitoring employees who have access to the VMware infrastructure. Before you begin to implement logging and monitoring, it is critical to understand how VMware logging works.

VMware logging varies depending on whether you are using ESX or ESXi. ESX is based on the Linux operating system and logs activity in a similar way to other Linux systems. ESXi is a hypervisor that is installed on bare metal. We recommend using ESXi. There are several ways to access ESXi hosts: through the console, vSphere (Windows client), and vCenter. Each allows management of the virtual environment; however, only one (vCenter) provides sophisticated logging. To ensure administrators are using vCenter and not vSphere or the console, verify that hosts are in lockdown mode. This forces all users to go through vCenter, which stores events in a SQL database.

Logs should be sent or pulled into a central event management system. This information can be pulled through the VI API, PowerCLI, or direct SQL access. Once this information is centralized, reports and alerts can be set up to ensure proper monitoring. Examples of activities that are important to monitor include role and permission changes, virtual machine copying or cloning, file copying, failed logins, host setting or profile changes, and network settings changes. With this configuration, institutions can ensure that only authorized activity is being performed within one of their most critical infrastructure components.
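
As an added example (not from the newsletter or from VMware), the following Python applies the monitoring list above to vCenter events that have already been pulled into a central store. The event type names are vSphere API event classes; the record layout (`time`, `type`, `user`, `ip`), the approved-administrator list, the failed-login threshold and the sample events are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# vSphere API event class names, grouped by the activities the article lists.
WATCHED = {
    "RoleAddedEvent": "role/permission change",
    "RoleUpdatedEvent": "role/permission change",
    "PermissionAddedEvent": "role/permission change",
    "PermissionRemovedEvent": "role/permission change",
    "VmClonedEvent": "VM copy/clone",
    "DatastoreFileCopiedEvent": "file copy",
    "ProfileChangedEvent": "host profile change",
    "DvsReconfiguredEvent": "network settings change",
}
FAILED_LOGIN = "BadUsernameSessionEvent"

def review(events, approved_admins, max_failures=3, window=timedelta(minutes=5)):
    """Return (time, severity, category, user, source_ip) alerts, oldest first."""
    alerts, recent = [], defaultdict(deque)
    for ev in sorted(events, key=lambda e: e["time"]):
        when = datetime.fromisoformat(ev["time"])
        if ev["type"] in WATCHED:
            # Every watched change is reported; accounts outside the
            # approved list are escalated from "review" to "high".
            sev = "review" if ev["user"] in approved_admins else "high"
            alerts.append((ev["time"], sev, WATCHED[ev["type"]], ev["user"], ev["ip"]))
        elif ev["type"] == FAILED_LOGIN:
            q = recent[ev["ip"]]
            q.append(when)
            while when - q[0] > window:   # drop failures older than the window
                q.popleft()
            if len(q) == max_failures:    # alert when the count reaches the threshold
                alerts.append((ev["time"], "high", "repeated failed login",
                               ev["user"], ev["ip"]))
    return alerts

# Constructed sample records in the assumed export layout (not real log data).
SAMPLE_EVENTS = [
    {"time": "2012-07-09T08:00:05", "type": "UserLoginSessionEvent", "user": "vc-admin1", "ip": "10.0.5.20"},
    {"time": "2012-07-09T08:02:11", "type": "VmClonedEvent", "user": "vc-admin1", "ip": "10.0.5.20"},
    {"time": "2012-07-09T21:14:40", "type": "BadUsernameSessionEvent", "user": "root", "ip": "10.0.9.77"},
    {"time": "2012-07-09T21:15:02", "type": "BadUsernameSessionEvent", "user": "root", "ip": "10.0.9.77"},
    {"time": "2012-07-09T21:15:30", "type": "BadUsernameSessionEvent", "user": "root", "ip": "10.0.9.77"},
    {"time": "2012-07-09T21:40:00", "type": "PermissionAddedEvent", "user": "helpdesk2", "ip": "10.0.9.77"},
]

if __name__ == "__main__":
    for alert in review(SAMPLE_EVENTS, approved_admins={"vc-admin1"}):
        print(alert)
```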

Sources:
www.vmware.com
www.ultimatewindowssecurity.com

One Tuesday each month we will feature comments from our professionals on topical issues. This month's contributor is William Nowik, CISA, CISSP, who is a Senior Manager in the IT Assurance Services group. Please feel free to contact him with any questions at wnowik@wolfandco.com.

Interesting Articles of the Week
Microsoft's Tuesday Patch Douses Flame Malware
(Via @mattputvinski)

10 crazy IT security tricks that actually work
(Via @mattputvinski)

PATCO ACH Fraud Ruling Reversed
(Via @kgosselin)

Cybercriminals build massive banking fraud system in the cloud
(Via @msjoanieg)

BOA Exec Places Importance on Risk Management as New Banking Technologies Emerge
(Via @banktech, Via @BryanYurcan)

Data breach leads to $1.7M fine for Alaska DHSS
(Via @dataprivacyrisk)

As if life isn't tough enough for small business, they are being increasingly targeted by hackers
(Via @esq140)

Commonwealth Bank Launches Android Payments App
(Via @BankTechNews)

Monday, a malicious malware bug will kick thousands of computers off the Internet
(Via @WSJ)

Massachusetts Bankers Association publishes ERM article-bottomup approach to sync risk mgmt & compliance objectives
(Via @MikeDCohn)

Do you have an article that you would like to share with the group?  Let us know and we will add it to the list! Did you miss a newsletter?  Check out past newsletters here.

Upcoming Events
7/19/12 (New Jersey)
ISACA NJ: Auditing IT Outsourcing

8/8/12 (New York, NY)
ISACA NY: HG65: How to Audit z/OS with USS, TCP/IP, FTP, and the Internet

10/17/12 (Marlborough, MA)
Massachusetts Bankers Association: IT Audit Training 2012

Questions? Interested in learning more about Wolf's IT Assurance and Security services?
Please contact Matthew J. Putvinski, CPA, CISA, CISSP, Member of the Firm and Director of IT Assurance and Security services, at (617) 428-5479 or mputvinski@wolfandco.com.
