1.1.1 vSphere Security – Virtual Machine Security Enhancements – {To be applied}

Options: Security Profile
Visual: Custom 'VM' Security measures: VMX File Edits (Direct commands)

Prevent virtual disk shrinking.
1. isolation.tools.diskWiper.disable=TRUE
2. isolation.tools.diskShrink.disable=TRUE

Ensure that unauthorized devices are not connected.
3. Floppy drives: floppyX.present
4. Serial ports: serialX.present
5. Parallel ports: parallelX.present
6. USB controller: usb.present
7. CD-ROM: ideX:Y.present

Prevent unauthorized removal, connection and modification of devices.
8. isolation.device.connectable.disable=TRUE
9. isolation.device.edit.disable=TRUE

Disable VM-to-VM communication through VMCI.
10. vmci0.unrestricted=FALSE

Limit VM log file size and number.
11. log.rotateSize=1000000
12. log.keepOld=10

Limit informational messages from the VM to the VMX file.
13. tools.setInfo.sizeLimit=1048576

Avoid using independent non-persistent disks.
1. Not present
2. Not set to independent nonpersistent

Disable certain unexposed features (point 21 is optional).
14. isolation.tools.unity.push.update.disable=TRUE
15. isolation.tools.ghi.launchmenu.change=TRUE
16. isolation.tools.memSchedFakeSampleStats.disable=TRUE
17. isolation.tools.getCreds.disable=TRUE
18. isolation.tools.ghi.autologon.disable=TRUE
19. isolation.bios.bbs.disable=TRUE
20. isolation.tools.hgfsserverset.disable=TRUE
21. isolation.tools.ghi.autologon.disable=TRUE

Disable remote operations within the guest. (If enabled, the system administrator can execute scripts or programs that use the VIX API to execute tasks within the guest OS.)
22. guest.command.enabled=FALSE

For highest security, only one remote console session at a time should be allowed.
23. remotedisplay.maxconnections=1

Explicitly disable copy operations.
24. isolation.tools.copy.disable=TRUE

Explicitly disable paste operations.
25. isolation.tools.paste.disable=TRUE

Disable VM Monitor Control.
26. isolation.monitor.control.disable=TRUE

Do not send host performance information to guests.
27. tools.guestlib.enableHostInfo=FALSE

Global Windows Time sync recommendation.
28. tools.syncTime="True"

Discussion: These enhanced configuration parameters ensure that potential resource variables are not exploited into security vulnerabilities.
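
The checklist above can be verified against the text of a VM's .vmx file. The following is an added example, not part of the original slides or any VMware tooling: it parses VMX content and reports every deviation from items 1-28. The function names, the constructed sample input, and the case-insensitive comparison of keys and TRUE/FALSE values are assumptions of this example.

```python
import re

# Items 1-2, 8-9, 14-21, 24-26 of the checklist: all set to TRUE.
TRUE_KEYS = """
isolation.tools.diskWiper.disable isolation.tools.diskShrink.disable
isolation.device.connectable.disable isolation.device.edit.disable
isolation.tools.unity.push.update.disable isolation.tools.ghi.launchmenu.change
isolation.tools.memSchedFakeSampleStats.disable isolation.tools.getCreds.disable
isolation.tools.ghi.autologon.disable isolation.bios.bbs.disable
isolation.tools.hgfsserverset.disable isolation.tools.copy.disable
isolation.tools.paste.disable isolation.monitor.control.disable
""".split()
# Items 10-13, 22, 23, 27, 28 with the values the checklist gives.
OTHER = {
    "vmci0.unrestricted": "FALSE", "log.rotateSize": "1000000",
    "log.keepOld": "10", "tools.setInfo.sizeLimit": "1048576",
    "guest.command.enabled": "FALSE", "remotedisplay.maxconnections": "1",
    "tools.guestlib.enableHostInfo": "FALSE", "tools.syncTime": "TRUE",
}
# Assumption of this example: keys and TRUE/FALSE compare case-insensitively.
BASELINE = {k.lower(): "TRUE" for k in TRUE_KEYS}
BASELINE.update({k.lower(): v for k, v in OTHER.items()})
# Items 3-7: device keys, where X and Y stand for controller/unit numbers.
DEVICE_RE = re.compile(r"^(floppy\d+|serial\d+|parallel\d+|usb|ide\d+:\d+)\.present$")
LINE_RE = re.compile(r'^\s*([^#\s=]+)\s*=\s*"?([^"]*)"?\s*$')

# Constructed sample input, not taken from a real VM.
SAMPLE_VMX = """\
isolation.tools.copy.disable = "TRUE"
isolation.tools.paste.disable = "false"
log.keepOld = "10"
floppy0.present = "TRUE"
ide1:0.present = "TRUE"
usb.present = "FALSE"
"""


def parse_vmx(text):
    """Return {lower-cased key: value} for every key = "value" line."""
    pairs = (LINE_RE.match(line) for line in text.splitlines())
    return {m.group(1).lower(): m.group(2).strip() for m in pairs if m}


def audit(text):
    """Return sorted (key, problem) pairs where the VMX deviates from the checklist."""
    cfg = parse_vmx(text)
    findings = []
    for key, want in BASELINE.items():
        have = cfg.get(key)
        if have is None:
            findings.append((key, "not set, checklist value is " + want))
        elif have.upper() != want:
            findings.append((key, "is %s, checklist value is %s" % (have, want)))
    for key, value in cfg.items():
        if DEVICE_RE.match(key) and value.upper() == "TRUE":
            findings.append((key, "device present, confirm it is authorized"))
    return sorted(findings)


if __name__ == "__main__":
    for key, problem in audit(SAMPLE_VMX):
        print("%-50s %s" % (key, problem))
```

Device keys are only flagged for review, because the checklist asks that unauthorized devices be absent and a CD-ROM or USB controller may be legitimately required on a given VM.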
1.1.1 vSphere Security – ESXi Host Security Enhancements {To be Applied}

Options: Security Profile
Visual: Custom Host Security measures: Direct command

To disable Host Welcome login web-page:
# vim-cmd proxysvc/remove_service "/" "httpsWithRedirect"

Disable Managed Object Browser:
vim-cmd proxysvc/remove_service "/mob" "httpsWithRedirect"

Discussion: This advanced system change will prevent all Web-based access, including via the SDK.
vSphere 5.x Basic Security Hardening
