Solved

Forged transmits/Promiscuous Mode

Posted on 2012-04-12
8
936 Views
Last Modified: 2012-06-27
Can anyone put the risk of not setting the policy for "forged transmits" and "promiscuos mode" to reject into management freindly speak. In terms of if this policy is NOT set to reject, whats the risk in terms of data security/availablity/other, and the likelehood that this issue could be exploited, and by whom? Its in the hardening guides with some commentry on the risk, and the compliance checkers raise it as an issue, but its not all that clear on the exact risk and likelehood of that risk being exploited/occuring, and what ultimately could happen if the risk was exploited (managers usually go on performance/data security to take note of such issues).

How much of an issue is this in your vmware expert opinions? High risk, medium, low, hardly an issue at all?
0
Comment
Question by:pma111
  • 4
  • 3
8 Comments
 
LVL 119

Accepted Solution

by:
Andrew Hancock (VMware vExpert / EE MVE^2) earned 250 total points
ID: 37837162
the only risk is a bad administrator, with a VM, attached to the network switch in prom mode, using network sniffing software on your LAN, to obtain passwords, or other cleartext information.

but the same software could be run on a wireless laptop outside the building!
0
 
LVL 40

Assisted Solution

by:coolsport00
coolsport00 earned 250 total points
ID: 37837164
In lamens terms, it just means someone can 'spoof' network traffic. In other words, some can see what's coming/going in/out of VMs. How 'critical' is it? I would say no definitive answer can be given, but you always want to "err" towards the 'being secure' side. What risk does it pose? Well, what are the chances someone can gain access to 1. your network and then 2. if they did, what's the possibility someone wants to look at netwk traffic to/from VMs as opposed to finding some other means by which to get sensitive information? I would give my personal opinion that the chances of someone using that to listen to traffic to do bad things is minimal, but honestly...all it takes is 1 time, regardless of the means by which a hacker or whatever does something to your environment...

Regards.
~coolsport00
0
 
LVL 119
ID: 37837172
its much easier for me to walk into your offices, and find a network port on the wall and jack in and sniff?

unless you have port security enabled ON all network switch ports
0
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 
LVL 40

Expert Comment

by:coolsport00
ID: 37837177
ha...good point @hanccocka. :) true dat.

again, it's just best practice to configure them according to the security guide, but if it's not config'd, then you have a "hole" open for potential attack. Of COURSE an auditor is going to suggest it be config'd to 'reject'. They will always suggest high security to prevent attacks...
0
 
LVL 3

Author Comment

by:pma111
ID: 37837184
So both promiscuos mode and forged transmits are both around spoof/sniffing traffic?

If you run the compliance checker against your hosts, do you worry about such X's i.e. are you hosts fully compliant with the vsphere compliance checker or are some of the issues so trivial that they arent all that worth worrying about, or is it more a case of it improves security even 1% and therefore we "may as well"?
0
 
LVL 119
ID: 37837187
Spoofing and Prom mode are only useful, for low level network monitoring.
0
 
LVL 40

Expert Comment

by:coolsport00
ID: 37837188
For my org, we use the guides as just that - GUIDES. From there, we decide based on SLAs, auditor recommendations, compliance rules/laws on how do secure our environment...
0
 
LVL 119
ID: 37837189
if there is no requirement for this, they should not be enabled.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Citrix StoreFront problem, internal storefronts are not working 34 67
vmsn files 11 48
Converting Physical Machine to Virtual Machine 2 74
VMWare & and Storage 10 70
In this step by step tutorial with screenshots, we will show you HOW TO: Enable SSH Remote Access on a VMware vSphere Hypervisor 6.5 (ESXi 6.5). This is important if you need to enable SSH remote access for additional troubleshooting of the ESXi hos…
In this article, I will show you HOW TO: Install VMware Tools for Windows on a VMware Windows virtual machine on a VMware vSphere Hypervisor 6.5 (ESXi 6.5) Host Server, using the VMware Host Client. The virtual machine has Windows Server 2016 instal…
Teach the user how to use create log bundles for vCenter Server or ESXi hosts Open vSphere Web Client: Generate vCenter Server and ESXi host log bundle:  Open vCenter Server Appliance Web Management interface and generate log bundle: Open vCenter Se…
Teach the user how to join ESXi hosts to Active Directory domains Open vSphere Client: Join ESXi host to AD domain: Verify ESXi computer account in AD: Configure permissions for domain user in ESXi: Test domain user login to ESXi host:

786 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question