Index
A
- ACLs
- about / Employing Hyper-V virtual switch ACLs
- employing / Employing Hyper-V virtual switch ACLs
- basic port ACLs, using / Using basic port ACLs
- extended port ACLs, using / Using extended port ACLs
- usage / Practical ACL usage
- Add-WindowsFeature cmdlet / Switching between Windows Server modes
- administrative shares / Administrative and hidden shares
- App Controller
- installing / Installing App Controller
- clouds, connecting to / Connecting clouds to App Controller
- role-based security model / App Controller's role-based security model
- application administrator (self-service user)
- official VMM description / The user role group descriptions
- architecture, Hyper-V / Understanding Hyper-V's architecture
- ASLR
- about / Memory isolation
- Authorization Manager (AzMan)
B
- backup
- about / Understanding the role of backup
- basic input/output system (BIOS) / Using Secure Boot
- basic port ACLs
- using / Using basic port ACLs
- basic security concerns, Hyper-V security
- attack motivations / Attack motivations
- untargeted attacks / Untargeted attacks
- targeted attacks / Targeted attacks
- computing device / The computing device
- network / The network
- data-processing points / Data-processing points
- data storage / Data storage
- people / People
- BEAST
- about / Understanding SSL encryption
- BitLocker
- using / Using BitLocker
- about / Using BitLocker
- URL / Using BitLocker
- drawbacks / Using BitLocker
- break-out attack
- about / Process isolation
- breakout
- about / Virtual LAN
C
- certificate-based PowerShell Remoting
- about / Certificate-based PowerShell Remoting
- Host SSL certificate, configuring / Configuring the Host SSL certificate
- Remote System, configuring / Configuring the Remote System
- certificate signing request (CSR) / Configuring the Host SSL certificate
- challenge-handshake authentication protocol (CHAP) / iSCSI security options
- CIFS (Common Internet File System) / Disabling unnecessary components
- Client Hyper-V
- about / Hyper-V terminology, Client Hyper-V
- clouds
- connecting, to App Controller / Connecting clouds to App Controller
- cluster communications
- encrypting / Encrypting cluster communications
- Clustering and High Availability blog
- URL / Using BitLocker
- configuration, Windows Update
- about / Configuring Windows Update
- manual patching / Manual patching
- fully automated patching / Fully automated patching
- staggered patching / Staggered patching
- guinea pig systems / Guinea pig systems
- Create User Role Wizard, SCVMM
- reviewing / The user role group descriptions
- Custom PowerShell Remoting endpoints
D
- data execution prevention (DEP)
- about / Process isolation
- DDOS attacks
- about / DOS and DDOS attacks
- defense in depth approach
- about / A starting point to security
- denial-of-service (DoS)
- about / Memory isolation
- denial of service attack
- about / Targeted attacks
- detection strategies
- DHCP guard
- about / DHCP guard
- DMZ / Relying on domain security
- domain security
- relying on / Relying on domain security
- DOS attacks
- about / DOS and DDOS attacks
E
- EMET
- about / Using security software
- emulated
- about / Other hardware
- Encapsulating security payload (ESP) / iSCSI security options
- Enter-PSSession, Invoke-Command cmdlet / Configuring PowerShell Remoting and its basic usage
- Exit-PSSession cmdlet / Configuring PowerShell Remoting and its basic usage
- exposure, limiting with resource limitations
- about / Limiting exposure with resource limitations
- virtual processor limits / Virtual processor limits
- memory limits / Memory limits
- hard drive I/O limits / Hard drive I/O limits
- virtual network limits / Virtual network limits
- extended port ACLs
- using / Using extended port ACLs
- reference link / Using extended port ACLs
- external virtual switch
- about / Multiple switch types
F
- fabric administrator (delegated administrator)
- official VMM description / The user role group descriptions
- Failover Cluster Manager
- false positive / Employing anti-malware on a virtual machine
- fully automated patching / Fully automated patching
G
- general best practices
- following / Following general best practices
- Microsoft baseline security analyzer / Microsoft baseline security analyzer
- Hyper-V best practices analyzer / Hyper-V Best Practices Analyzer
- applying / Applying general best practices
- Generation 2 virtual machines
- leveraging / Leveraging Generation 2 virtual machines
- Get-WindowsFeature cmdlet / Switching between Windows Server modes
- Group Policy
- about / Leveraging Group Policy
- leveraging / Leveraging Group Policy
- using, with virtual machines / Using Group Policy with virtual machines
- restricting, to virtual machines / Using Group Policy with virtual machines
- group policy
- used, for controlling Hyper-V administrators / Using Group Policy to control Hyper-V Administrators
- Group Policy Management Console
- policy, importing into / Importing a policy into Group Policy Management Console
- guest
- about / Hyper-V terminology
- guinea pig systems / Guinea pig systems
H
- hard disk isolation
- about / Hard disk isolation
- hardware firewalls
- about / Hardware firewalls
- hidden shares / Administrative and hidden shares
- host
- about / Hyper-V terminology
- Hyper-V
- about / Hyper-V terminology
- acquiring / Acquiring Hyper-V
- architecture / Understanding Hyper-V's architecture
- using, with IPsec / Using Hyper-V with IPsec
- Hyper-V administrators
- controlling, group policy used / Using Group Policy to control Hyper-V Administrators
- Hyper-V Administrators
- powers / Powers of Hyper-V Administrators
- Hyper-V Administrators group
- Hyper-V best practices analyzer
- about / Hyper-V Best Practices Analyzer
- Hyper-V BPA, running from Server Manager / Running the Hyper-V BPA from Server Manager
- Hyper-V BPA, running from PowerShell / Running the Hyper-V BPA from PowerShell
- Hyper-V Core
- about / Hyper-V terminology
- Hyper-V hosts
- sample list, of generic best practices / Other practices
- Hyper-V host security
- enhancing, through VMM / Enhancing Hyper-V host security through VMM
- Hyper-V Manager
- Hyper-V Replica traffic
- securing / Securing Hyper-V Replica traffic
- Hyper-V security
- significance / The importance of Hyper-V security, Your stakeholders expect it, The costs of repair exceeds the costs of prevention
- basic security concerns / Basic security concerns, Untargeted attacks, The computing device, People
- Hyper-V Server
- about / Hyper-V terminology, Hyper-V Server, Hyper-V Server
- URL, for downloading / Hyper-V Server
- Hyper-V Server 2012 R2
- LocalGPO, enabling in / Enabling LocalGPO in Windows and Hyper-V Server 2012 R2
- Hyper-V terminology
- Hyper-V / Hyper-V terminology
- Hyper-V Server / Hyper-V terminology
- Client Hyper-V / Hyper-V terminology
- host / Hyper-V terminology
- guest / Hyper-V terminology
- management operating system / Hyper-V terminology
I
- implicit remoting
- about / Leveraging PowerShell Remoting
- integration components
- about / Other hardware
- internal virtual switch
- about / Multiple switch types
- Internet Engineering Task Force (IETF)
- about / Using Hyper-V with IPsec
- Internet Key Exchange (IKE) / iSCSI security options
- intrusion prevention
- Invoke-Command cmdlet / Configuring PowerShell Remoting and its basic usage
- IPsec
- Hyper-V, using with / Using Hyper-V with IPsec
- about / Using Hyper-V with IPsec
- IPsec button / iSCSI security options
- iSCSI connections
- securing / Securing iSCSI connections
- physical isolation / Physical and logical isolation
- logical isolation / Physical and logical isolation
- security options / iSCSI security options
- isolating technologies, virtual switch
- isolation
- about / Understanding the security environment of VMs
- process isolation / Process isolation
- memory isolation / Memory isolation
- hard disk isolation / Hard disk isolation
- network isolation / Network isolation
- isolation security
- practical approaches / Practical approaches to isolation security
J
- jump host / Relying on domain security
K
- key loggers
- about / Untargeted attacks
- knowledge base (KB) / Manual patching
L
- layer 2 network
- about / Virtual LAN
- Link Order number
- LocalGPO
- enabling, in Windows / Enabling LocalGPO in Windows and Hyper-V Server 2012 R2
- enabling, in Hyper-V Server 2012 R2 / Enabling LocalGPO in Windows and Hyper-V Server 2012 R2
- Local Group Policy
- SCM baselines, applying to / Applying SCM baselines to Local Group Policy
- logical isolation / Physical and logical isolation
M
- MAC address
- setting / MAC address settings
- management operating system
- about / Hyper-V terminology
- selecting / Choosing a management operating system
- Hyper-V Server / Hyper-V Server
- full GUI installation, Windows Server / Windows Server – full GUI installation
- Core installation, Windows Server / Windows Server – Core installation
- Minimal Server Interface installation, Windows Server / Windows Server – Minimal Server Interface installation
- switching between, Windows Server Modes / Switching between Windows Server modes
- practical guidance, for deployment selection / Practical guidance to chose a deployment
- management tools
- using / Using management tools remotely
- Remote Desktop, enabling / Enabling Remote Desktop
- remote management tools, enabling / Enabling other remote management tools
- remote access, for non-domain-joined machines / Remote access for non-domain-joined machines
- manual patching / Manual patching
- media access control (MAC)
- about / MAC address settings
- memory access violation
- about / Memory isolation
- memory isolation
- about / Memory isolation
- Microsoft
- URL, for anti-malware official exclusion list / Using security software
- URL, for anti-malware usage guidelines / Using security software
- URL, for download page / Employing remote management tools
- URL, for accessing security site / Other practices
- Microsoft Baseline Security Analyzer (MBSA)
- about / Microsoft baseline security analyzer
- URL, for current version / Microsoft baseline security analyzer
- Microsoft Management Console (MMC)
- Microsoft Message Analyzer
- Microsoft Security Bulletin MS13-092
- Minimal Server Interface / Windows Server – Minimal Server Interface installation
- multi-tenancy
- multiple switch
- configuring / Multiple switch types
N
- network hardware
- leveraging / Leveraging network hardware
- hardware firewalls / Hardware firewalls
- network isolation
- about / Network isolation
- network virtualization
- New-PSSessionConfigurationFile cmdlet / Using custom PowerShell Remoting endpoints
- NTFS security
- configuring, for VM storage / Configuring NTFS security for VM storage
O
- organizational unit (OU) / Importing a policy into Group Policy Management Console
P
- parent partition
- partitions / Understanding Hyper-V's architecture
- perimeter network / Relying on domain security
- phishing
- about / Untargeted attacks
- physical isolation / Physical and logical isolation
- policy
- importing, into Group Policy Management Console / Importing a policy into Group Policy Management Console
- port mirroring
- about / Port mirroring
- PowerShell
- Hyper-V BPA, running from / Running the Hyper-V BPA from PowerShell
- used, for controlling VLAN / Using PowerShell to control VLANs on virtual adapters
- used, for configuring private VLAN / Using PowerShell to configure private VLANs
- used, for setting virtual network adapter protections / Setting Hyper-V protections using Powershell
- PowerShell Remoting
- leveraging / Leveraging PowerShell Remoting
- configuring / Configuring PowerShell Remoting and its basic usage
- PowerShell Remoting, with Invoke-Command
- practical approaches, isolation security / Practical approaches to isolation security
- practical custom PowerShell Remoting endpoints
- private virtual switch
- about / Multiple switch types
- private VLAN
- about / Private VLAN
- primary VLAN / Private VLAN
- secondary VLAN / Private VLAN
- isolated port / Private VLAN
- community port / Private VLAN
- promiscuous port / Private VLAN
- configuring, PowerShell used / Using PowerShell to configure private VLANs
- privilege level
- about / Process isolation
- process isolation
- about / Process isolation
- public key infrastructure (PKI) / Certificate-based PowerShell Remoting
Q
- QoS
- about / Hard drive I/O limits
R
- ransomware
- about / Untargeted attacks
- read-only administrator
- official VMM description / The user role group descriptions
- Remote Authentication Dial-In User Service (RADIUS) / iSCSI security options
- Remote Desktop
- enabling / Enabling Remote Desktop
- remote management tools
- employing / Employing remote management tools
- enabling / Enabling other remote management tools
- Remove-WindowsFeature cmdlet / Switching between Windows Server modes
- ring
- about / Process isolation
- role-based security model, App Controller
- about / App Controller's role-based security model
- benefits / App Controller's role-based security model
- Fabric Administrator (Delegated Administrator) / App Controller's role-based security model
- Read-Only Administrator / App Controller's role-based security model
- Tenant Administrator / App Controller's role-based security model
- Application Administrator (self-service user) / App Controller's role-based security model
- roles
- router guard
- about / Router guard
- Run as accounts feature, SCVMM / Run as accounts
S
- Schannel
- about / Understanding SSL encryption
- SCM
- about / Leveraging Group Policy
- URL / Leveraging Group Policy
- SCM baselines
- exporting / Exporting SCM baselines
- applying, to Local Group Policy / Applying SCM baselines to Local Group Policy
- scope
- about / The user role group descriptions
- SCVMM
- Create User Role Wizard, reviewing / The user role group descriptions
- Run as accounts feature / Run as accounts
- Second Level Address Translation (SLAT)
- about / Client Hyper-V
- Secure Boot / Leveraging Generation 2 virtual machines
- using / Using Secure Boot
- about / Using Secure Boot
- secure self-service
- providing, with Windows Azure Pack / Providing secure self-service with the Windows Azure Pack
- security
- about / A starting point to security
- security environment, virtual machines
- security software
- using / Using security software
- major concerns / Using security software
- Server Manager
- Hyper-V BPA, running from / Running the Hyper-V BPA from Server Manager
- ShowSecurityDescriptorUI parameter / Using custom PowerShell Remoting endpoints
- single-root I/O virtualization (SR-IOV)
- about / Network isolation
- SMB 3.0 shares
- securing, for VM storage / Securing SMB 3.0 shares for VM storage
- administrative shares / Administrative and hidden shares
- hidden shares / Administrative and hidden shares
- social engineering
- about / People
- spam e-mail
- about / Untargeted attacks
- Spammed Persistently All Month (SPAM)
- about / Untargeted attacks
- SQL instance
- about / System requirements
- SSL
- about / Understanding SSL encryption
- SSL, and TrustedHosts
- selecting between / Choosing between SSL and TrustedHosts
- SSL encryption
- about / Understanding SSL encryption
- staggered patching / Staggered patching
- synthetic hardware
- about / Other hardware
- Sysprep tool / Applying SCM baselines to Local Group Policy
- system requirements, App Controller
- about / System requirements
- URL / Installing App Controller
T
- TechNet
- URL / Leveraging PowerShell Remoting, Configuring the Host SSL certificate
- URL, for object creation / Configuring the Remote System
- URL, for firewall rules of VMM / Anything else?
- URL, for installation of Azure Pack / Providing secure self-service with the Windows Azure Pack
- tenant administrator
- official VMM description / The user role group descriptions
- TLS
- about / Understanding SSL encryption
- TrustedHosts-based PowerShell Remoting
- Trusted Platform Module
- about / Using BitLocker
- type 1 hypervisor / Understanding Hyper-V's architecture
U
- Unified Extensible Firmware Interface (UEFI) / Leveraging Generation 2 virtual machines, Using Secure Boot
- unnecessary components
- disabling / Disabling unnecessary components
V
- virtual desktop infrastructure (VDI) / Using Group Policy with virtual machines
- virtual machine
- antimalware, employing on / Employing anti-malware on a virtual machine
- virtual machines
- security environments / Understanding the security environment of VMs
- Group Policy, using with / Using Group Policy with virtual machines
- Group Policy, restricting to / Using Group Policy with virtual machines
- virtual network adapter protections
- configuring / Configuring virtual network adapter protections
- MAC address, setting / MAC address settings
- DHCP guard / DHCP guard
- router guard / Router guard
- port mirroring / Port mirroring
- PowerShell, using / Setting Hyper-V protections using Powershell
- virtual private network (VPN)
- about / Securing Hyper-V Replica traffic
- virtual switch
- isolating technologies, using / Using the virtual switch's isolating technologies
- VLAN / Virtual LAN
- private VLAN / Private VLAN
- network virtualization / Network virtualization
- virtual switch, types
- external virtual switch / Multiple switch types
- internal virtual switch / Multiple switch types
- private virtual switch / Multiple switch types
- VLAN
- about / Virtual LAN
- reference link / Virtual LAN
- controlling, PowerShell used / Using PowerShell to control VLANs on virtual adapters
- VLAN hopping
- about / Virtual LAN
- VMBus
- about / Other hardware
- VMM
- Hyper-V host security, enhancing through / Enhancing Hyper-V host security through VMM
- VMM installation
- securing / Securing the VMM installation
- VMM library shares
- about / VMM library shares
- VM storage
- NTFS security, configuring for / Configuring NTFS security for VM storage
- SMB 3.0 shares, securing for / Securing SMB 3.0 shares for VM storage
W
- Windows
- LocalGPO, enabling in / Enabling LocalGPO in Windows and Hyper-V Server 2012 R2
- Windows Azure Pack
- secure self-service, providing with / Providing secure self-service with the Windows Azure Pack
- Windows Firewall
- using / Using the Windows Firewall
- configuring / Configuring the Windows Firewall
- best practices / Configuring the Windows Firewall
- Windows Management Instrumentation (WMI) / Using Group Policy with virtual machines
- Windows Server
- about / Windows Server
- full GUI installation / Windows Server – full GUI installation
- Core installation / Windows Server – Core installation
- Minimal Server Interface installation / Windows Server – Minimal Server Interface installation
- Windows Server Catalog
- Windows Server Modes
- switching between / Switching between Windows Server modes
- Windows Server Update Services (WSUS) / Manual patching
- Windows Update
- configuring / Configuring Windows Update
- Wireshark
- Workgroup and inter-domain PowerShell Remoting
- workgroup security
- issues / Relying on domain security
- WS2012 Hyper-V Security 1.0 baseline / Leveraging Group Policy