DOCSLIB.ORG

Guide to Securing Microsoft Windows XP Systems for IT Professionals: a NIST Security Configuration Checklist

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Guide to Securing Microsoft Windows XP Systems for IT Professionals: a NIST Security Configuration Checklist Special Publication 800-68 Revision 1 Sponsored by the Department of Homeland Security Guide to Securing Microsoft Windows XP Systems for IT Professionals: A NIST Security Configuration Checklist Recommendations of the National Institute of Standards and Technology Karen Scarfone Murugiah Souppaya Paul M. Johnson NIST Special Publication 800-68 Guide to Securing Microsoft Windows XP Revision 1 Reports on Computer Systems Technology Systems for IT Professionals: A NIST Security Configuration Checklist Recommendations of the National Institute of Standards and Technology Karen Scarfone Murugiah Souppaya Paul M. Johnson C O M P U T E R S E C U R I T Y Computer Security Division Information Technology Laboratory National Institute of Standards and Technology Gaithersburg, MD 20899-8930 October 2008 U.S. Department of Commerce Carlos M. Gutierrez, Secretary National Institute of Standards and Technology Dr. Patrick D. Gallagher, Deputy Director GUIDE TO SECURING MICROSOFT WINDOWS XP SYSTEMS FOR IT PROFESSIONALS Reports on Computer Systems Technology The Information Technology Laboratory (ITL) at the National Institute of Standards and Technology (NIST) promotes the U.S. economy and public welfare by providing technical leadership for the nation’s measurement and standards infrastructure. ITL develops tests, test methods, reference data, proof of concept implementations, and technical analysis to advance the development and productive use of information technology. ITL’s responsibilities include the development of technical, physical, administrative, and management standards and guidelines for the cost-effective security and privacy of sensitive unclassified information in Federal computer systems. This Special Publication 800-series reports on ITL’s research, guidance, and outreach efforts in computer security and its collaborative activities with industry, government, and academic organizations. National Institute of Standards and Technology Special Publication 800-68 Revision 1 Natl. Inst. Stand. Technol. Spec. Publ. 800-68 Rev. 1, 127 pages (Oct. 2008) Certain commercial entities, equipment, or materials may be identified in this document in order to describe an experimental procedure or concept adequately. Such identification is not intended to imply recommendation or endorsement by the National Institute of Standards and Technology, nor is it intended to imply that the entities, materials, or equipment are necessa rily the best available for the purpose. ii GUIDE TO SECURING MICROSOFT WINDOWS XP SYSTEMS FOR IT PROFESSIONALS Acknowledgements The authors, Karen Scarfone and Murugiah Souppaya of the National Institute of Standards and Technology (NIST) and Paul M. Johnson of Booz Allen Hamilton, wish to thank their colleagues who reviewed drafts of this document and contributed to its technical content, particularly Tim Grance and Blair Heiserman of NIST and Kurt Dillard. Acknowledgements, Original Version The authors, Murugiah Souppaya of the National Institute of Standards and Technology (NIST) and Karen Kent and Paul M. Johnson of Booz Allen Hamilton, wish to thank their colleagues who reviewed drafts of this document and contributed to its technical content. The authors would like to acknowledge Chris Enloe, Tim Grance, Arnold Johnson, Larry Keys, Kathy Ton-nu, and John Wack of NIST; Robert Chang, Anthony Harris, and Richard Park of Booz Allen Hamilton; and Kurt Dillard of Microsoft for their keen and insightful assistance throughout the development of the document. The authors would also like to express their thanks to the reviewers of the draft publication for their particularly valuable comments and suggestions, in particular Dean Farrington (Wells Fargo Bank), Nathan Look (Los Angeles Department of Water and Power), James McKeithen, W. Warren Pearce (Air Force Satellite Control Network), Peter Tracy (Belarc), the Department of Energy, the Internal Revenue Service, and the Social Security Administration. Additionally, the authors also thank the Department of Homeland Security (DHS), Defense Information Agency (DISA), the Center for Internet Security (CIS), the National Security Agency (NSA), the United States Air Force (USAF), Microsoft Corporation, and other individuals for their valuable contributions to the baseline security templates and continued hard work to improve security in this and other similar efforts. The National Institute of Standards and Technology would also like to express its appreciation and thanks to the Department of Homeland Security for its sponsorship and support of NIST SP 800-68. Trademark Information Microsoft, Windows, Windows Vista, Windows XP, Windows 2000, Windows NT, Internet Explorer, Microsoft Office, Outlook, Outlook Express, and Microsoft Word are either registered trademarks or trademarks of Microsoft Corporation in the United States and other countries. All other names are registered trademarks or trademarks of their respective companies. iii GUIDE TO SECURING MICROSOFT WINDOWS XP SYSTEMS FOR IT PROFESSIONALS Table of Contents Executive Summary..............................................................................................................ES-1 1. Introduction ......................................................................................................................1-1 1.1 Authority...................................................................................................................1-1 1.2 Purpose and Scope .................................................................................................1-1 1.3 Audience ..................................................................................................................1-2 1.4 Document Structure .................................................................................................1-2 2. Windows XP Security Guide Development....................................................................2-1 2.1 Windows XP System Roles and Requirements .......................................................2-2 2.2 Security Categorization of Information and Information Systems ............................2-3 2.3 Baseline Security Controls and Threat Analysis Refinement...................................2-4 2.3.1 Local Threats................................................................................................2-5 2.3.2 Remote Threats............................................................................................2-7 2.4 Environments and Security Controls Documentation ............................................2-10 2.4.1 SOHO.........................................................................................................2-10 2.4.2 Enterprise ...................................................................................................2-11 2.4.3 Specialized Security-Limited Functionality (SSLF).....................................2-13 2.4.4 Legacy........................................................................................................2-14 2.4.5 FDCC..........................................................................................................2-14 2.4.6 Security Documentation .............................................................................2-14 2.5 Implementation and Testing of Security Controls ..................................................2-15 2.6 Monitoring and Maintenance..................................................................................2-15 2.7 Summary of Recommendations.............................................................................2-16 3. Windows XP Security Components Overview ..............................................................3-1 3.1 New Features in Windows XP .................................................................................3-1 3.1.1 Networking Features ....................................................................................3-1 3.1.2 Authentication and Authorization..................................................................3-2 3.1.3 Other.............................................................................................................3-4 3.2 Security Features Inherited from Windows 2000 .....................................................3-5 3.2.1 Kerberos .......................................................................................................3-5 3.2.2 Smart Card Support......................................................................................3-6 3.2.3 Internet Connection Sharing.........................................................................3-6 3.2.4 Internet Protocol Security .............................................................................3-6 3.2.5 Encrypting File System.................................................................................3-7 3.3 Summary of Recommendations...............................................................................3-7 4. Installation, Backup, and Patching.................................................................................4-1 4.1 Performing a New Installation ..................................................................................4-1 4.1.1 Partitioning Advice........................................................................................4-1 4.1.2 Installation Methods......................................................................................4-2 4.2 Backing Up Systems................................................................................................4-4 4.3 Updating Existing
Load more

Recommended publications
  • Text File Converted with Freeware Acropad
    XP Tips & Tweaks These tips and tweaks have come from hundreds of individuals across the internet. I have included some of web sites links (below) that cover this popular topic. I have not tried most of these tips, so let me know if some don't work or have mistakes. Tips & Tweaks Links TipsDr Paul Thurrott's Supersite for Windows - XP Tips & Tricks Microsoft WinXP Support Center Microsoft WinXP Professional Microsoft WinXP Home Microsoft WinXP Knowledge Base Articles Microsoft Power Toys for Windows XP Microsoft Windows XP Tips Microsoft Windows XP User Tips Archive Microsoft Windows XP Professional Tips Microsoft Windows XP Home Edition Tips Microsoft Tips & Tricks for Windows XP Professional Microsoft Tips for Techies Stop Jerky Graphics If you are connected to a LAN and have problems with jerky graphics, this might be the solution: ·Right-click "My Computer". ·Select "Manage". ·Click on "Device Manager". ·Double-click on your NIC under "Network Adapters". ·In the new window, select the "Advanced" tab. ·Select "Connection Type" and manually set the value of your NIC. (Not "Auto Sense" which is default.). ·You should reboot. Shutdown XP Faster Like previous versions of windows, it takes long time to restart or shutdown windows XP when the "Exit Windows" sound is enabled. To solve this problem you must disable this useless sound. ·Click Start button. ·Go to settings > Control Panel > Sound, Speech and Audio devices > Sounds and Audio Devices > Sounds. ·Then under program events and windows menu click on "Exit Windows" sub-menu and highlight it. Now from sounds you can select, choose "none" and then click Apply and OK.
    [Show full text]
  • Efficient, Dos-Resistant, Secure Key Exchange
    Efficient, DoS-Resistant, Secure Key Exchange for Internet Protocols∗ William Aiello Steven M. Bellovin Matt Blaze AT&T Labs Research AT&T Labs Research AT&T Labs Research [email protected] [email protected] [email protected] Ran Canetti John Ioannidis Angelos D. Keromytis IBM T.J. Watson Research Center AT&T Labs Research Columbia University [email protected] [email protected] [email protected] Omer Reingold AT&T Labs Research [email protected] Categories and Subject Descriptors While it might be possible to “patch” the IKE protocol to fix C.2.0 [Security and Protection]: Key Agreement Protocols some of these problems, it may be perferable to construct a new protocol that more narrorwly addresses the requirements “from the ground up.” We set out to engineer a new key exchange protocol General Terms specifically for Internet security applications. We call our new pro- Security, Reliability, Standardization tocol “JFK,” which stands for “Just Fast Keying.” Keywords 1.1 Design Goals We seek a protocol with the following characteristics: Cryptography, Denial of Service Attacks Security: No one other than the participants may have access to ABSTRACT the generated key. We describe JFK, a new key exchange protocol, primarily designed PFS: It must approach Perfect Forward Secrecy. for use in the IP Security Architecture. It is simple, efficient, and secure; we sketch a proof of the latter property. JFK also has a Privacy: It must preserve the privacy of the initiator and/or re- number of novel engineering parameters that permit a variety of sponder, insofar as possible.
    [Show full text]
  • Network Access Control and Cloud Security
    Network Access Control and Cloud Security Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 [email protected] Audio/Video recordings of this lecture are available at: http://www.cse.wustl.edu/~jain/cse571-17/ Washington University in St. Louis http://www.cse.wustl.edu/~jain/cse571-17/ ©2017 Raj Jain 16-1 Overview 1. Network Access Control (NAC) 2. RADIUS 3. Extensible Authentication Protocol (EAP) 4. EAP over LAN (EAPOL) 5. 802.1X 6. Cloud Security These slides are based partly on Lawrie Brown’s slides supplied with William Stallings’s book “Cryptography and Network Security: Principles and Practice,” 7th Ed, 2017. Washington University in St. Louis http://www.cse.wustl.edu/~jain/cse571-17/ ©2017 Raj Jain 16-2 Network Access Control (NAC) AAA: Authentication: Is the user legit? Supplicant Authenticator Authentication Server Authorization: What is he allowed to do? Accounting: Keep track of usage Components: Supplicant: User Authenticator: Network edge device Authentication Server: Remote Access Server (RAS) or Policy Server Backend policy and access control Washington University in St. Louis http://www.cse.wustl.edu/~jain/cse571-17/ ©2017 Raj Jain 16-3 Network Access Enforcement Methods IEEE 802.1X used in Ethernet, WiFi Firewall DHCP Management VPN VLANs Washington University in St. Louis http://www.cse.wustl.edu/~jain/cse571-17/ ©2017 Raj Jain 16-4 RADIUS Remote Authentication Dial-In User Service Central point for Authorization, Accounting, and Auditing data ⇒ AAA server Network Access servers get authentication info from RADIUS servers Allows RADIUS Proxy Servers ⇒ ISP roaming alliances Uses UDP: In case of server failure, the request must be re-sent to backup ⇒ Application level retransmission required TCP takes too long to indicate failure Proxy RADIUS RADIUS Network Remote Access User Customer Access ISP Net Server Network Server Ref: http://en.wikipedia.org/wiki/RADIUS Washington University in St.
    [Show full text]
  • Windows - Run/Kör Kommando
    Windows - Run/Kör kommando Accessibility Controls - access.cpl Network Connections - ncpa.cpl Add Hardware Wizard - hdwwiz.cpl Network Setup Wizard - netsetup.cpl Add/Remove Programs - appwiz.cpl Notepad - notepad Administrative Tools - control admintools Nview Desktop Manager - nvtuicpl.cpl Automatic Updates - wuaucpl.cpl Object Packager - packager Bluetooth Transfer Wizard - fsquirt ODBC Data Source Administrator - odbccp32.cpl Calculator - calc On Screen Keyboard - osk Certificate Manager - certmgr.msc Opens AC3 Filter - ac3filter.cpl Character Map - charmap Password Properties - password.cpl Check Disk Utility - chkdsk Performance Monitor - perfmon.msc Clipboard Viewer - clipbrd Performance Monitor - perfmon Command Prompt - cmd Phone and Modem Options - telephon.cpl Component Services - dcomcnfg Power Configuration - powercfg.cpl Computer Management - compmgmt.msc Printers and Faxes - control printers Control Panel - control panel Printers Folder - printers Date and Time Properties - timedate.cpl Private Character Editor - eudcedit DDE Share - ddeshare Quicktime (If Installed) - QuickTime.cpl Device Manager - devmgmt.msc Regional Settings - intl.cpl Direct X Control Panel -directx.cpl Registry Editor - regedit Direct X Troubleshooter - dxdiag Registry Editor - regedit32 Disk Cleanup Utility - cleanmgr Remote Desktop - mstsc Disk Defragment - dfrg.msc Removable Storage - ntmsmgr.msc Disk Management - diskmgmt.msc Removable Storage Operator Requests - ntmsoprq.msc Disk Partition Manager - diskpart Resultant Set of Policy (XP Prof)
    [Show full text]
  • Adaptive Android Kernel Live Patching
    Adaptive Android Kernel Live Patching Yue Chen Yulong Zhang Zhi Wang Liangzhao Xia Florida State University Baidu X-Lab Florida State University Baidu X-Lab Chenfu Bao Tao Wei Baidu X-Lab Baidu X-Lab Abstract apps contain sensitive personal data, such as bank ac- counts, mobile payments, private messages, and social Android kernel vulnerabilities pose a serious threat to network data. Even TrustZone, widely used as the se- user security and privacy. They allow attackers to take cure keystore and digital rights management in Android, full control over victim devices, install malicious and un- is under serious threat since the compromised kernel en- wanted apps, and maintain persistent control. Unfortu- ables the attacker to inject malicious payloads into Trust- nately, most Android devices are never timely updated Zone [42, 43]. Therefore, Android kernel vulnerabilities to protect their users from kernel exploits. Recent An- pose a serious threat to user privacy and security. droid malware even has built-in kernel exploits to take Tremendous efforts have been put into finding (and ex- advantage of this large window of vulnerability. An ef- ploiting) Android kernel vulnerabilities by both white- fective solution to this problem must be adaptable to lots hat and black-hat researchers, as evidenced by the sig- of (out-of-date) devices, quickly deployable, and secure nificant increase of kernel vulnerabilities disclosed in from misuse. However, the fragmented Android ecosys- Android Security Bulletin [3] in recent years. In ad- tem makes this a complex and challenging task. dition, many kernel vulnerabilities/exploits are publicly To address that, we systematically studied 1;139 An- available but never reported to Google or the vendors, droid kernels and all the recent critical Android ker- let alone patched (e.g., exploits in Android rooting nel vulnerabilities.
    [Show full text]
  • Administrative Guide for Windows 10 and Windows Server Fall Creators Update (1709)
    Operational and Administrative Guidance Microsoft Windows 10 and Windows Server Common Criteria Evaluation for Microsoft Windows 10 and Windows Server Version 1903 (May 2019 Update) General Purpose Operating System Protection Profile © 2019 Microsoft. All rights reserved. Microsoft Windows 10 GP OS Administrative Guidance Copyright and disclaimer The information contained in this document represents the current view of Microsoft Corporation on the issues discussed as of the date of publication. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information presented after the date of publication. This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, AS TO THE INFORMATION IN THIS DOCUMENT. Complying with all applicable copyright laws is the responsibility of the user. This work is licensed under the Creative Commons Attribution-NoDerivs-NonCommercial VLicense (which allows redistribution of the work). To view a copy of this license, visithttp://creativecommons.org/licenses/by-nd-nc/1.0/ or send a letter to Creative Commons, 559 Nathan Abbott Way, Stanford, California 94305, USA. Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property. The example companies, organizations, products, people and events depicted herein are fictitious. No association with any real company, organization, product, person or event is intended or should be inferred.
    [Show full text]
  • Run-Commands-Windows-10.Pdf
    Run Commands Windows 10 by Bettertechtips.com Command Action Command Action documents Open Documents Folder devicepairingwizard Device Pairing Wizard videos Open Videos Folder msdt Diagnostics Troubleshooting Wizard downloads Open Downloads Folder tabcal Digitizer Calibration Tool favorites Open Favorites Folder dxdiag DirectX Diagnostic Tool recent Open Recent Folder cleanmgr Disk Cleanup pictures Open Pictures Folder dfrgui Optimie Drive devicepairingwizard Add a new Device diskmgmt.msc Disk Management winver About Windows dialog dpiscaling Display Setting hdwwiz Add Hardware Wizard dccw Display Color Calibration netplwiz User Accounts verifier Driver Verifier Manager azman.msc Authorization Manager utilman Ease of Access Center sdclt Backup and Restore rekeywiz Encryption File System Wizard fsquirt fsquirt eventvwr.msc Event Viewer calc Calculator fxscover Fax Cover Page Editor certmgr.msc Certificates sigverif File Signature Verification systempropertiesperformance Performance Options joy.cpl Game Controllers printui Printer User Interface iexpress IExpress Wizard charmap Character Map iexplore Internet Explorer cttune ClearType text Tuner inetcpl.cpl Internet Properties colorcpl Color Management iscsicpl iSCSI Initiator Configuration Tool cmd Command Prompt lpksetup Language Pack Installer comexp.msc Component Services gpedit.msc Local Group Policy Editor compmgmt.msc Computer Management secpol.msc Local Security Policy: displayswitch Connect to a Projector lusrmgr.msc Local Users and Groups control Control Panel magnify Magnifier
    [Show full text]
  • 11.7 the Windows 2000 File System
    830 CASE STUDY 2: WINDOWS 2000 CHAP. 11 11.7 THE WINDOWS 2000 FILE SYSTEM Windows 2000 supports several file systems, the most important of which are FAT-16, FAT-32, and NTFS (NT File System). FAT-16 is the old MS-DOS file system. It uses 16-bit disk addresses, which limits it to disk partitions no larger than 2 GB. FAT-32 uses 32-bit disk addresses and supports disk partitions up to 2 TB. NTFS is a new file system developed specifically for Windows NT and car- ried over to Windows 2000. It uses 64-bit disk addresses and can (theoretically) support disk partitions up to 264 bytes, although other considerations limit it to smaller sizes. Windows 2000 also supports read-only file systems for CD-ROMs and DVDs. It is possible (even common) to have the same running system have access to multiple file system types available at the same time. In this chapter we will treat the NTFS file system because it is a modern file system unencumbered by the need to be fully compatible with the MS-DOS file system, which was based on the CP/M file system designed for 8-inch floppy disks more than 20 years ago. Times have changed and 8-inch floppy disks are not quite state of the art any more. Neither are their file systems. Also, NTFS differs both in user interface and implementation in a number of ways from the UNIX file system, which makes it a good second example to study. NTFS is a large and complex system and space limitations prevent us from covering all of its features, but the material presented below should give a reasonable impression of it.
    [Show full text]
  • © Iquila Ltd 2018-2019 - 1
    Rev-1 Joining a Client PC to a Domain Controller using iQuila Server Setup 1. Install the iQuila client software on your windows domain controller server (please note if you have more than one domain controller, you must install the iQuila client software on each domain controller in your network.) 2. Assign a static IP address to the iQuila virtual network adaptor. (Please see Help Document for using Static IP addresses) 3. Go to Control Panel then select view network status and tasks, select change adaptor settings, right click on the iQuila network adaptor (VPN – VPN Client) and client properties. 4. Select Internet protocol version v (TCP/IPv4) and click properties. Select use the following IP address and enter an IP address in your given range, i.e. 192.168.30.9. Enter your given subnet mask i.e. 255.255.255.0 Leave the default gateway setting blank Under the DNS section select use the preferred DNS server address and enter the same address as you entered for the IP address 192.168.30.9 Click ok to save IP address and click on the exit the adaptor properties window. © iQuila Ltd 2018-2019 - www.iquila.com 1 Client Setup 1. Install the iQuila client software on the client computers that you would like to join to the domain and ensure they have registered with the iQuila Cloud server. 2. You now need to set the DNS server address on the iQuila virtual adaptor or contact iQuila support and request the change of DNS address in your Virtual DHCP Server settings.
    [Show full text]
  • Windows Messenger Live Msn Download
    Windows messenger live msn download Windows Live Messenger latest version: See. Hear. Share. Instantly.. Windows Live Messenger previously known as MSN Messenger, was renamed as part of. MSN Messenger is an instant messaging program that lets you send instant messages to your friends, and much more. Previously known as MSN Messenger, Windows Live Messenger is Microsoft's answer to instant messaging. While largely the same as its predecessor. Windows Live Messenger free download. on their MSN or Hotmail account, as the integration with the email accounts can be. Mobile and web: Using a public computer without Messenger? No problem! You can chat on the web from Windows Live Hotmail or use. Share photos: Look at photos together, right in the conversation window and Messenger tells you when people you know post new photos on Windows Live. Microsoft Windows live messenger free Download Link: Latest Version. Old Version of MSN (Live) Messenger. Website. Developer. Microsoft Corporation. Latest Version. Windows. Messenger, which offers the user the same functionalities as Windows Live Messenger. Windows Live Messenger Final Deutsch: Der Windows Live Messenger, Nachfolger des MSN Messenger, in der Version​: ​ - vom How to Download and Install Windows Live Messenger. Windows Live Messenger is a great way to talk to people online. You can now have a personal picture. Windows 7 by default is installed without Windows Live Messenger. So to get it, we will need to download and install it. select, like setting Bing as the default search provider and setting MSN as your browser home page. is a free, personal email service from Microsoft.
    [Show full text]
  • Digital Vision Network 5000 Series BCM Motherboard BIOS Upgrade
    Digital Vision Network 5000 Series BCM™ Motherboard BIOS Upgrade Instructions October, 2011 24-10129-128 Rev. – Copyright 2011 Johnson Controls, Inc. All Rights Reserved (805) 522-5555 www.johnsoncontrols.com No part of this document may be reproduced without the prior permission of Johnson Controls, Inc. Cardkey P2000, BadgeMaster, and Metasys are trademarks of Johnson Controls, Inc. All other company and product names are trademarks or registered trademarks of their respective owners. These instructions are supplemental. Some times they are supplemental to other manufacturer’s documentation. Never discard other manufacturer’s documentation. Publications from Johnson Controls, Inc. are not intended to duplicate nor replace other manufacturer’s documentation. Due to continuous development of our products, the information in this document is subject to change without notice. Johnson Controls, Inc. shall not be liable for errors contained herein or for incidental or consequential damages in connection with furnishing or use of this material. Contents of this publication may be preliminary and/or may be changed at any time without any obligation to notify anyone of such revision or change, and shall not be regarded as a warranty. If this document is translated from the original English version by Johnson Controls, Inc., all reasonable endeavors will be used to ensure the accuracy of translation. Johnson Controls, Inc. shall not be liable for any translation errors contained herein or for incidental or consequential damages in connection
    [Show full text]
  • PCI DSS Virtualization Guidelines
    Standard: PCI Data Security Standard (PCI DSS) Version: 2.0 Date: June 2011 Author: Virtualization Special Interest Group PCI Security Standards Council Information Supplement: PCI DSS Virtualization Guidelines Information Supplement • PCI DSS Virtualization Guidelines • June 2011 Table of Contents 1 Introduction ....................................................................................................................... 3 1.1 Audience ................................................................................................................ 3 1.2 Intended Use .......................................................................................................... 4 2 Virtualization Overview .................................................................................................... 5 2.1 Virtualization Concepts and Classes ..................................................................... 5 2.2 Virtual System Components and Scoping Guidance ............................................. 7 3 Risks for Virtualized Environments .............................................................................. 10 3.1 Vulnerabilities in the Physical Environment Apply in a Virtual Environment ....... 10 3.2 Hypervisor Creates New Attack Surface ............................................................. 10 3.3 Increased Complexity of Virtualized Systems and Networks .............................. 11 3.4 More Than One Function per Physical System ................................................... 11 3.5 Mixing VMs of
    [Show full text]