A recurring problem security teams often run into is installing software upgrades or patches that leave penetrable security holes. Wouldn't it be great if there were a way to test a patch or upgrade on a machine before it's installed without compromising the machine and the network? VMware has a great way to do just that.
In this SearchSecurity screencast, Keith Barker, a Certified Information Systems Security Professional (CISSP) and trainer for CBT Nuggets LLC, demonstrates how to use VMware's ESXi host to perform sandbox testing.
The ESXi host, which is licensed for free as a single standalone tool, allows for the creation of either Windows or Linux virtual machines (VMs) that replicate the actual machines requiring patches or upgrades. These VMs can be snapshotted so that after testing patches and upgrades, the user can revert back to the machine before the installation. VMware ESXi is a bare-metal hypervisor, so it doesn't run on operating systems like Window or Linux, but instead runs directly on a computer's hardware. ESXi is user-friendly with a Web-based graphical user interface.
To obtain ESXi, VMware users can register at VMware.com to download and install the host. If you're not sure if your hardware is compatible, VMware.com provides a full compatibility list for users' convenience. Once ESXi is downloaded and installed, users can begin to add VMs and then start using the ESXi features such as snapshot and rollback, internal networking, and exporting and importing VMs using OVF templates to save time in creating subsequent VMs. Once the VMs are created and customized properly, users can isolate them in their own sandbox in vSphere and begin testing.
About CBT Nuggets:
CBT Nuggets creates online IT training on topics including network security, server administration and more. Train 24/7 from any device. Try CBT Nuggets with a seven-day free trial and train on a variety of topics, including Cisco security, Wireshark, Linux and more. Watch. Learn. Conquer.
About Keith Barker:
Keith Barker, CISSP, is a trainer for CBT Nuggets and has more than 27 years of IT experience. He is a double CCIE and has been named a Cisco Designated VIP. Barker is also the author of numerous Cisco Press books and articles.