Solved

Forged transmits/Promiscuous Mode

Posted on 2012-04-12
8
933 Views
Last Modified: 2012-06-27
Can anyone put the risk of not setting the policy for "forged transmits" and "promiscuos mode" to reject into management freindly speak. In terms of if this policy is NOT set to reject, whats the risk in terms of data security/availablity/other, and the likelehood that this issue could be exploited, and by whom? Its in the hardening guides with some commentry on the risk, and the compliance checkers raise it as an issue, but its not all that clear on the exact risk and likelehood of that risk being exploited/occuring, and what ultimately could happen if the risk was exploited (managers usually go on performance/data security to take note of such issues).

How much of an issue is this in your vmware expert opinions? High risk, medium, low, hardly an issue at all?
0
Comment
Question by:pma111
  • 4
  • 3
8 Comments
 
LVL 117

Accepted Solution

by:
Andrew Hancock (VMware vExpert / EE MVE) earned 250 total points
Comment Utility
the only risk is a bad administrator, with a VM, attached to the network switch in prom mode, using network sniffing software on your LAN, to obtain passwords, or other cleartext information.

but the same software could be run on a wireless laptop outside the building!
0
 
LVL 40

Assisted Solution

by:coolsport00
coolsport00 earned 250 total points
Comment Utility
In lamens terms, it just means someone can 'spoof' network traffic. In other words, some can see what's coming/going in/out of VMs. How 'critical' is it? I would say no definitive answer can be given, but you always want to "err" towards the 'being secure' side. What risk does it pose? Well, what are the chances someone can gain access to 1. your network and then 2. if they did, what's the possibility someone wants to look at netwk traffic to/from VMs as opposed to finding some other means by which to get sensitive information? I would give my personal opinion that the chances of someone using that to listen to traffic to do bad things is minimal, but honestly...all it takes is 1 time, regardless of the means by which a hacker or whatever does something to your environment...

Regards.
~coolsport00
0
 
LVL 117

Expert Comment

by:Andrew Hancock (VMware vExpert / EE MVE)
Comment Utility
its much easier for me to walk into your offices, and find a network port on the wall and jack in and sniff?

unless you have port security enabled ON all network switch ports
0
 
LVL 40

Expert Comment

by:coolsport00
Comment Utility
ha...good point @hanccocka. :) true dat.

again, it's just best practice to configure them according to the security guide, but if it's not config'd, then you have a "hole" open for potential attack. Of COURSE an auditor is going to suggest it be config'd to 'reject'. They will always suggest high security to prevent attacks...
0
Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

 
LVL 3

Author Comment

by:pma111
Comment Utility
So both promiscuos mode and forged transmits are both around spoof/sniffing traffic?

If you run the compliance checker against your hosts, do you worry about such X's i.e. are you hosts fully compliant with the vsphere compliance checker or are some of the issues so trivial that they arent all that worth worrying about, or is it more a case of it improves security even 1% and therefore we "may as well"?
0
 
LVL 117

Expert Comment

by:Andrew Hancock (VMware vExpert / EE MVE)
Comment Utility
Spoofing and Prom mode are only useful, for low level network monitoring.
0
 
LVL 40

Expert Comment

by:coolsport00
Comment Utility
For my org, we use the guides as just that - GUIDES. From there, we decide based on SLAs, auditor recommendations, compliance rules/laws on how do secure our environment...
0
 
LVL 117

Expert Comment

by:Andrew Hancock (VMware vExpert / EE MVE)
Comment Utility
if there is no requirement for this, they should not be enabled.
0

Featured Post

Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

Join & Write a Comment

#Citrix #Citrix Netscaler #HTTP Compression #Load Balance
VMware Update Manager(VUM) “error code: 15” during ESXi 6.0 Remediate update in VUM operation
This video shows you how to use a vSphere client to connect to your ESX host as the root user. Demonstrates the basic connection of bypassing certification set up. Demonstrates how to access the traditional view to begin managing your virtual mac…
This video shows you how easy it is to boot from ISO images for virtual machines with the ISO images stored on a local datastore on the ESXi host.

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now