Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Forged transmits/Promiscuous Mode

Posted on 2012-04-12
8
Medium Priority
?
951 Views
Last Modified: 2012-06-27
Can anyone put the risk of not setting the policy for "forged transmits" and "promiscuos mode" to reject into management freindly speak. In terms of if this policy is NOT set to reject, whats the risk in terms of data security/availablity/other, and the likelehood that this issue could be exploited, and by whom? Its in the hardening guides with some commentry on the risk, and the compliance checkers raise it as an issue, but its not all that clear on the exact risk and likelehood of that risk being exploited/occuring, and what ultimately could happen if the risk was exploited (managers usually go on performance/data security to take note of such issues).

How much of an issue is this in your vmware expert opinions? High risk, medium, low, hardly an issue at all?
0
Comment
Question by:pma111
  • 4
  • 3
8 Comments
 
LVL 124

Accepted Solution

by:
Andrew Hancock (VMware vExpert / EE MVE^2) earned 1000 total points
ID: 37837162
the only risk is a bad administrator, with a VM, attached to the network switch in prom mode, using network sniffing software on your LAN, to obtain passwords, or other cleartext information.

but the same software could be run on a wireless laptop outside the building!
0
 
LVL 40

Assisted Solution

by:coolsport00
coolsport00 earned 1000 total points
ID: 37837164
In lamens terms, it just means someone can 'spoof' network traffic. In other words, some can see what's coming/going in/out of VMs. How 'critical' is it? I would say no definitive answer can be given, but you always want to "err" towards the 'being secure' side. What risk does it pose? Well, what are the chances someone can gain access to 1. your network and then 2. if they did, what's the possibility someone wants to look at netwk traffic to/from VMs as opposed to finding some other means by which to get sensitive information? I would give my personal opinion that the chances of someone using that to listen to traffic to do bad things is minimal, but honestly...all it takes is 1 time, regardless of the means by which a hacker or whatever does something to your environment...

Regards.
~coolsport00
0
 
LVL 124
ID: 37837172
its much easier for me to walk into your offices, and find a network port on the wall and jack in and sniff?

unless you have port security enabled ON all network switch ports
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
LVL 40

Expert Comment

by:coolsport00
ID: 37837177
ha...good point @hanccocka. :) true dat.

again, it's just best practice to configure them according to the security guide, but if it's not config'd, then you have a "hole" open for potential attack. Of COURSE an auditor is going to suggest it be config'd to 'reject'. They will always suggest high security to prevent attacks...
0
 
LVL 3

Author Comment

by:pma111
ID: 37837184
So both promiscuos mode and forged transmits are both around spoof/sniffing traffic?

If you run the compliance checker against your hosts, do you worry about such X's i.e. are you hosts fully compliant with the vsphere compliance checker or are some of the issues so trivial that they arent all that worth worrying about, or is it more a case of it improves security even 1% and therefore we "may as well"?
0
 
LVL 124
ID: 37837187
Spoofing and Prom mode are only useful, for low level network monitoring.
0
 
LVL 40

Expert Comment

by:coolsport00
ID: 37837188
For my org, we use the guides as just that - GUIDES. From there, we decide based on SLAs, auditor recommendations, compliance rules/laws on how do secure our environment...
0
 
LVL 124
ID: 37837189
if there is no requirement for this, they should not be enabled.
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article, I show you step by step with screenshots to assist you - HOW TO: Deploy and Install the VMware vCenter Server Appliance 6.5 (VCSA 6.5), with some helpful tips along the way.
August and September have been big months for VMware—from VMworld last month to our new Course of the Month in VMware Professional - Data Center Virtualization. We reached out to Andrew Hancock, resident VMware vExpert, to have a more in-depth discu…
Advanced tutorial on how to run the esxtop command to capture a batch file in csv format in order to export the file and use it for performance analysis. He demonstrates how to download the file using a vSphere web client (or vSphere client) and exp…
This video shows you how to use a vSphere client to connect to your ESX host as the root user. Demonstrates the basic connection of bypassing certification set up. Demonstrates how to access the traditional view to begin managing your virtual mac…

926 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question