In this presentation, each of the categories and requirements of the PCI/DSS standard 1.1 will be compared to settings within the virtualization configuration of a VMware ESX Server 3.x machine. It is aimed at security professionals who wish to have a closer look at the security settings possible on a virtualization host for consideration when crafting detailed policies.
As a resource allocation mechanism, virtualization tools handle all network data passing from guests to the outside world, as well as the memory and storage resources the guests use to service their applications. This gateway function places the virtualization host in scope of PCI/DSS compliance requirements, under the definition of 'transmitting' cardholder data, if one of the host’s guests is in scope of the standard. In this presentation, each of the categories and requirements of the PCI/DSS standard 1.1 will be compared to settings within the virtualization configuration of a VMware ESX Server 3.x machine.
Areas Covered in the seminar:
- The 12 domains of the PCI/DSS 1.1 standard will be mapped to the ESX Server configuration, where applicable. (Certain administrative and procedural areas, such as physical security, are handled outside of the ESX Server 3.x configuration footprint.)
- Configuration settings that help bring the default ESX Server closer to compliance with the PCI standard will be shared.
- A checklist mapping the more than 100 sub-steps of the standard to ESX Server 3.x can be provided off-line.
- Assessment techniques, command line, management server views, and on-host assessment tools will be discussed to enable gathering evidence of host compliance.
Who Will Benefit:
- Security professionals who wish to have a closer look at the security settings possible on a virtualization host for consideration when crafting detailed policies.
- Assessment, Examination, and Audit professionals who wish to have some hands-on guidance on how to collect compliance verification data from an ESX Server.
- System administrators who wish to perform a self-assessment of their ESX Servers to gauge compliance and plan any remediation efforts.
Course Provider
Michael Hoesing,