Banking Technology Connections: July 10, 2012
July 10, 2012
Understanding VMware Logging & Monitoring
Virtualization has become an important component of a Financial Institution’s IT infrastructure. As with any technology, it is important to understand audit logging. In today’s threat environment, it is increasingly important to log as much activity as is technically possible. Logging is important not only during a forensic investigation but also for monitoring employees who have access to VMware infrastructure. Before you begin to implement logging and monitoring, it is critical to understand how VMware logging works.
VMware logging varies depending on whether you are using ESX or ESXi. ESX is based on the Linux operating system and logs activity in a similar way to other Linux operating systems. ESXi is a hypervisor that is installed on bare metal. We recommend using ESXi because there are several ways to access ESXi hosts: through the console, vSphere (Windows client), and vCenter. Each allows management of the virtual environment; however, only one (vCenter) provides sophisticated logging. To ensure administrators are using vCenter and not vSphere or the console, verify that hosts are in lockdown mode. This forces all users to go through vCenter, which stores events in a SQL database.
Logging should be sent to or pulled into a central event management system. This information can be pulled through the VI API, PowerCLI, or direct SQL access. Once this information is centralized, reports and alerts can be set up to ensure proper monitoring. Examples of activities that are important include role and permissions changes, virtual machine copying or cloning, file copying, failed logins, host setting or profile changes, and network settings changes. With this configuration, environments can ensure only authorized activity is being performed within one of the most critical infrastructure components.
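The PowerCLI route described above can be sketched as follows. This is an added example, not a script from the original newsletter: it lists hosts that are not in lockdown mode, then pulls the last day of vCenter events for several of the activities named above. The server name, time window, and output path are placeholders, and the event-class mapping is one possible selection of vSphere API event types.

```powershell
# Added example. Assumes VMware PowerCLI is installed and the account can read
# vCenter events. 'vcenter.example.local' is a placeholder server name.
Connect-VIServer -Server 'vcenter.example.local' | Out-Null

# 1. Hosts NOT in lockdown mode can still be managed outside vCenter, so their
#    activity may never reach the vCenter event database.
#    Config.AdminDisabled is $true when lockdown mode is enabled; newer vSphere
#    releases also expose Config.LockdownMode.
Get-VMHost |
    Where-Object { -not $_.ExtensionData.Config.AdminDisabled } |
    Select-Object Name, ConnectionState

# 2. vSphere API event classes mapped to activities from the article
#    (an illustrative selection, not an exhaustive list).
$watch = @{
    'PermissionAddedEvent'         = 'Role/permission change'
    'PermissionUpdatedEvent'       = 'Role/permission change'
    'PermissionRemovedEvent'       = 'Role/permission change'
    'RoleAddedEvent'               = 'Role/permission change'
    'RoleUpdatedEvent'             = 'Role/permission change'
    'RoleRemovedEvent'             = 'Role/permission change'
    'VmBeingClonedEvent'           = 'VM copy/clone'
    'VmClonedEvent'                = 'VM copy/clone'
    'DatastoreFileCopiedEvent'     = 'File copy'
    'BadUsernameSessionEvent'      = 'Failed login'
    'DvsReconfiguredEvent'         = 'Network settings change'
    'DVPortgroupReconfiguredEvent' = 'Network settings change'
}

# Get-VIEvent returns only 100 events by default, so raise -MaxSamples.
$since = (Get-Date).AddDays(-1)
Get-VIEvent -Start $since -MaxSamples 100000 |
    Where-Object { $watch.ContainsKey($_.GetType().Name) } |
    Sort-Object CreatedTime |
    ForEach-Object {
        [pscustomobject]@{
            Time      = $_.CreatedTime
            Activity  = $watch[$_.GetType().Name]
            EventType = $_.GetType().Name
            User      = $_.UserName
            Message   = $_.FullFormattedMessage
        }
    } |
    Export-Csv -Path .\vcenter-audit.csv -NoTypeInformation  # hand off to the central event system

Disconnect-VIServer -Confirm:$false
```

Any host returned by the first query is a gap in coverage: actions taken directly on it bypass the vCenter events the second query relies on.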
One Tuesday each month we will feature comments from our professionals on topical issues. This month's contributor is William Nowik, CISA, CISSP, who is a Senior Manager in the IT Assurance Services group. Please feel free to contact him with any questions at firstname.lastname@example.org.
Interesting Articles of the Week
Microsoft's Tuesday Patch Douses Flame Malware
10 crazy IT security tricks that actually work
PATCO ACH Fraud Ruling Reversed
Cybercriminals build massive banking fraud system in the cloud
BOA Exec Places Importance on Risk Management as New Banking Technologies Emerge
(Via @banktech, Via @BryanYurcan)
Data breach leads to $1.7M fine for Alaska DHSS
As if life isn't tough enough for small business, they are being increasingly targeted by hackers
Commonwealth Bank Launches Android Payments App
Monday, a malicious malware bug will kick thousands of computers off the Internet
Massachusetts Bankers Association publishes ERM article-bottomup approach to sync risk mgmt & compliance objectives
Do you have an article that you would like to share with the group? Let us know and we will add it to the list! Did you miss a newsletter? Check out past newsletters here.
7/19/12 (New Jersey)
ISACA NJ: Auditing IT Outsourcing
8/8/12 (New York, NY)
ISACA NY: HG65: How to Audit z/OS with USS, TCP/IP, FTP, and the Internet
10/17/12 (Marlborough, MA)
Massachusetts Bankers Association: IT Audit Training 2012
Questions? Interested in learning more about Wolf's IT Assurance and Security services?
Please contact Matthew J. Putvinski, CPA, CISA, CISSP, Member of the Firm and Director of IT Assurance and Security services, at (617) 428-5479 or email@example.com.
If you would like to subscribe to this newsletter and receive it via email please contact Laura Lozada at firstname.lastname@example.org.