Solved

Forged transmits/Promiscuous Mode

Posted on 2012-04-12
8
938 Views
Last Modified: 2012-06-27
Can anyone put the risk of not setting the policy for "forged transmits" and "promiscuos mode" to reject into management freindly speak. In terms of if this policy is NOT set to reject, whats the risk in terms of data security/availablity/other, and the likelehood that this issue could be exploited, and by whom? Its in the hardening guides with some commentry on the risk, and the compliance checkers raise it as an issue, but its not all that clear on the exact risk and likelehood of that risk being exploited/occuring, and what ultimately could happen if the risk was exploited (managers usually go on performance/data security to take note of such issues).

How much of an issue is this in your vmware expert opinions? High risk, medium, low, hardly an issue at all?
0
Comment
Question by:pma111
  • 4
  • 3
8 Comments
 
LVL 119

Accepted Solution

by:
Andrew Hancock (VMware vExpert / EE MVE^2) earned 250 total points
ID: 37837162
the only risk is a bad administrator, with a VM, attached to the network switch in prom mode, using network sniffing software on your LAN, to obtain passwords, or other cleartext information.

but the same software could be run on a wireless laptop outside the building!
0
 
LVL 40

Assisted Solution

by:coolsport00
coolsport00 earned 250 total points
ID: 37837164
In lamens terms, it just means someone can 'spoof' network traffic. In other words, some can see what's coming/going in/out of VMs. How 'critical' is it? I would say no definitive answer can be given, but you always want to "err" towards the 'being secure' side. What risk does it pose? Well, what are the chances someone can gain access to 1. your network and then 2. if they did, what's the possibility someone wants to look at netwk traffic to/from VMs as opposed to finding some other means by which to get sensitive information? I would give my personal opinion that the chances of someone using that to listen to traffic to do bad things is minimal, but honestly...all it takes is 1 time, regardless of the means by which a hacker or whatever does something to your environment...

Regards.
~coolsport00
0
 
LVL 119
ID: 37837172
its much easier for me to walk into your offices, and find a network port on the wall and jack in and sniff?

unless you have port security enabled ON all network switch ports
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 40

Expert Comment

by:coolsport00
ID: 37837177
ha...good point @hanccocka. :) true dat.

again, it's just best practice to configure them according to the security guide, but if it's not config'd, then you have a "hole" open for potential attack. Of COURSE an auditor is going to suggest it be config'd to 'reject'. They will always suggest high security to prevent attacks...
0
 
LVL 3

Author Comment

by:pma111
ID: 37837184
So both promiscuos mode and forged transmits are both around spoof/sniffing traffic?

If you run the compliance checker against your hosts, do you worry about such X's i.e. are you hosts fully compliant with the vsphere compliance checker or are some of the issues so trivial that they arent all that worth worrying about, or is it more a case of it improves security even 1% and therefore we "may as well"?
0
 
LVL 119
ID: 37837187
Spoofing and Prom mode are only useful, for low level network monitoring.
0
 
LVL 40

Expert Comment

by:coolsport00
ID: 37837188
For my org, we use the guides as just that - GUIDES. From there, we decide based on SLAs, auditor recommendations, compliance rules/laws on how do secure our environment...
0
 
LVL 119
ID: 37837189
if there is no requirement for this, they should not be enabled.
0

Featured Post

Free Tool: Postgres Monitoring System

A PHP and Perl based system to collect and display usage statistics from PostgreSQL databases.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article will show you how to create an ISO CD-ROM/DVD-ROM image (*.iso), and MD5 checksum signature, for use with VMware vSphere Hypervisor 6.5 (ESXi 6.5). It's a good idea to compare checksums, because many installations fail because of a corr…
In this step by step tutorial with screenshots, we will show you HOW TO: Enable SSH Remote Access on a VMware vSphere Hypervisor 6.5 (ESXi 6.5). This is important if you need to enable SSH remote access for additional troubleshooting of the ESXi hos…
Teach the user how to install and configure the vCenter Orchestrator virtual appliance Open vSphere Web Client: Deploy vCenter Orchestrator virtual appliance OVA file: Verify vCenter Orchestrator virtual appliance boots successfully: Connect to the …
Teach the user how to install log collectors and how to configure ESXi 5.5 for remote logging Open console session and mount vCenter Server installer: Install vSphere Core Dump Collector: Install vSphere Syslog Collector: Open vSphere Client: Config…

820 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question