Search This Blog

Sunday, September 30, 2012

Virtual Firewall and Anti-Malware Protection for Hyper-V Extensible Switch

 

Before Windows Server 2012 launching, I'm glad to received an invitation from 5Nine to test the product.Well, since it is related on my session, then i decided to demo it. Continue to read about the description about Hyper-V extensible Switch and 5Nine Security Manager.

Short description about the Hyper-V Extensible Switch:-

The Hyper-V extensible switch supports an interface that allows instances of NDIS filter drivers (known as extensible switch extensions) to bind within the extensible switch driver stack. After they are bound and enabled, extensions can monitor, modify, and forward packets to extensible switch ports. This also allows extensions to reject, redirect, or originate packets to ports that are used by the Hyper-V partition.

This feature is available in Windows Server 2012 Hyper-V.

Short description about the 5Nine Security Manager product:-

5nine Security Manager for Hyper-V is the industry's only complete agentless security solution built specifically for the Microsoft virtualization platform and fully takes advantage of the extensibility of the new Windows Server Hyper-V Virtual Switch

It controls network traffic between virtual machines, detects and blocks malicious attacks, performs fast anti-virus scans and thus improves the security of a virtualized environment.

5nine Security Manager combines multiple protection modules, including Anti-Malware, Programmatic Virtual Firewall, log inspection and IDS/Web application protection, in a single and centrally managed software solution.

Here is a video of the demo that I've performed for the Windows Server 2012 Launching event to block traffic to Web Server and ping request.

5Nine Extensible Switch for Hyper-V from Yoong Seng Lai on Vimeo.

Short description about the demo:-

With Windows firewall disabled on the VM. Therefore

a) Configure monitor and enabled the VM that you want to protect. Once enabled, all the traffic is blocked , no access to services and ping request. Example:- Access to web server

b) Enable only “Web Service” request to Web Server. In this example:- i have created a simple page which showing my blog and just allow port 80.

c) Allow ping from one source to another

Now, by using 5Nine, i can configure hardening and Anti-Malware protection from a single console and protect the entire Hyper-V Host in the environment.