Needle In An Encrypted Haystack: Forensics in a hardened environment (with Fu...
vSphere 5.x Basic Security Hardening
1.1.1 vSphere Security – Virtual Machine Security Enhancements {To be applied}

Security Profile: Custom 'VM' security measures, applied as VMX file edits (direct commands).

Discussion: These enhanced configuration parameters ensure that potential resource variables are not exploited into security vulnerabilities.

Options and VMX settings:

Prevent virtual disk shrinking.
  1. isolation.tools.diskWiper.disable=TRUE
  2. isolation.tools.diskShrink.disable=TRUE

Ensure that unauthorized devices are not connected.
  3. Floppy drives: floppyX.present
  4. Serial ports: serialX.present
  5. Parallel ports: parallelX.present
  6. USB controller: usb.present
  7. CD-ROM: ideX:Y.present

Prevent unauthorized removal, connection and modification of devices.
  8. isolation.device.connectable.disable=TRUE
  9. isolation.device.edit.disable=TRUE

Disable VM-to-VM communication through VMCI.
  10. vmci0.unrestricted=FALSE

Limit VM log file size and number.
  11. log.rotateSize=1000000
  12. log.keepOld=10

Limit informational messages from the VM to the VMX file.
  13. tools.setInfo.sizeLimit=1048576

Avoid using independent non-persistent disks. Check that the disk is: 1. Not present; 2. Not set to independent-nonpersistent.

Disable certain unexposed features (point 21 is optional).
  14. isolation.tools.unity.push.update.disable=TRUE
  15. isolation.tools.ghi.launchmenu.change=TRUE
  16. isolation.tools.memSchedFakeSampleStats.disable=TRUE
  17. isolation.tools.getCreds.disable=TRUE
  18. isolation.tools.ghi.autologon.disable=TRUE
  19. isolation.bios.bbs.disable=TRUE
  20. isolation.tools.hgfsserverset.disable=TRUE
  21. isolation.tools.ghi.autologon.disable=TRUE

Disable remote operations within the guest. (If enabled, the system administrator can execute scripts or programs that use the VIX API to execute tasks within the guest OS.)
  22. guest.command.enabled=FALSE

For highest security, only one remote console session at a time should be allowed.
  23. remotedisplay.maxconnections=1

Explicitly disable copy operations.
  24. isolation.tools.copy.disable=TRUE

Explicitly disable paste operations.
  25. isolation.tools.paste.disable=TRUE

Disable VM Monitor Control.
  26. isolation.monitor.control.disable=TRUE

Do not send host performance information to guests.
  27. tools.guestlib.enableHostInfo=FALSE

Global Windows time sync recommendation.
  28. tools.syncTime="True"
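As an added example (not part of the original hardening list), the following Python script audits a .vmx file against the VM settings above: it parses the key = "value" lines, reports any listed setting that is missing or set to the wrong value, flags attached floppy/serial/parallel/USB/CD-ROM devices, and flags independent non-persistent disks. The sample VMX text is constructed for the demonstration.

```python
import re
# key -> required value, from the VMX edits listed above (VMX option names are case-insensitive)
EXPECTED = {
    "isolation.tools.diskwiper.disable": "TRUE",
    "isolation.tools.diskshrink.disable": "TRUE",
    "isolation.device.connectable.disable": "TRUE",
    "isolation.device.edit.disable": "TRUE",
    "vmci0.unrestricted": "FALSE",
    "log.rotatesize": "1000000",
    "log.keepold": "10",
    "tools.setinfo.sizelimit": "1048576",
    "guest.command.enabled": "FALSE",
    "remotedisplay.maxconnections": "1",
    "isolation.tools.copy.disable": "TRUE",
    "isolation.tools.paste.disable": "TRUE",
    "tools.guestlib.enablehostinfo": "FALSE",
}
# floppyX.present, serialX.present, parallelX.present, usb.present, ideX:Y.present
DEVICE_RE = re.compile(r"^(floppy\d+|serial\d+|parallel\d+|usb|ide\d+:\d+)\.present$")

def parse_vmx(text):
    """Parse 'key = "value"' lines into a dict keyed by lower-cased option name."""
    lines = (l for l in text.splitlines() if "=" in l and not l.lstrip().startswith("#"))
    return {k.strip().lower(): v.strip().strip('"') for k, _, v in (l.partition("=") for l in lines)}

def audit_vmx(text):
    """Return findings as strings; an empty list means every listed setting is in place."""
    cfg = parse_vmx(text)
    findings = []
    for key, want in EXPECTED.items():
        got = cfg.get(key)
        if got is None:
            findings.append(f"missing: {key} (expected {want})")
        elif got.upper() != want:
            findings.append(f"wrong: {key}={got} (expected {want})")
    for key, val in cfg.items():
        if DEVICE_RE.match(key) and val.upper() == "TRUE":
            findings.append(f"device present: {key}")
        if key.endswith(".mode") and val.lower() == "independent-nonpersistent":
            findings.append(f"independent non-persistent disk: {key}")
    return findings
# Constructed sample: most hardening keys absent, a floppy attached, a non-persistent disk
SAMPLE_VMX = '''isolation.tools.diskWiper.disable = "TRUE"
isolation.tools.diskShrink.disable = "FALSE"
floppy0.present = "TRUE"
scsi0:0.mode = "independent-nonpersistent"
RemoteDisplay.maxConnections = "1"
'''
if __name__ == "__main__":
    print("\n".join(audit_vmx(SAMPLE_VMX)))
```

Run it against a copy of the VM's .vmx taken from the datastore; the device check only flags a device when its .present key is TRUE, matching the "not connected" wording above.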
1.1.1 vSphere Security – ESXi Host Security Enhancements {To be Applied}

Security Profile: Custom host security measures, applied as direct commands.

Options and commands:

Disable the host Welcome login web page:
  # vim-cmd proxysvc/remove_service "/" "httpsWithRedirect"

Disable the Managed Object Browser:
  # vim-cmd proxysvc/remove_service "/mob" "httpsWithRedirect"

Discussion: This advanced system change will prevent all web-based access, including via the SDK.