Solved

Forged transmits/Promiscuous Mode

Posted on 2012-04-12
8
935 Views
Last Modified: 2012-06-27
Can anyone put the risk of not setting the policy for "forged transmits" and "promiscuos mode" to reject into management freindly speak. In terms of if this policy is NOT set to reject, whats the risk in terms of data security/availablity/other, and the likelehood that this issue could be exploited, and by whom? Its in the hardening guides with some commentry on the risk, and the compliance checkers raise it as an issue, but its not all that clear on the exact risk and likelehood of that risk being exploited/occuring, and what ultimately could happen if the risk was exploited (managers usually go on performance/data security to take note of such issues).

How much of an issue is this in your vmware expert opinions? High risk, medium, low, hardly an issue at all?
0
Comment
Question by:pma111
  • 4
  • 3
8 Comments
 
LVL 118

Accepted Solution

by:
Andrew Hancock (VMware vExpert / EE MVE) earned 250 total points
ID: 37837162
the only risk is a bad administrator, with a VM, attached to the network switch in prom mode, using network sniffing software on your LAN, to obtain passwords, or other cleartext information.

but the same software could be run on a wireless laptop outside the building!
0
 
LVL 40

Assisted Solution

by:coolsport00
coolsport00 earned 250 total points
ID: 37837164
In lamens terms, it just means someone can 'spoof' network traffic. In other words, some can see what's coming/going in/out of VMs. How 'critical' is it? I would say no definitive answer can be given, but you always want to "err" towards the 'being secure' side. What risk does it pose? Well, what are the chances someone can gain access to 1. your network and then 2. if they did, what's the possibility someone wants to look at netwk traffic to/from VMs as opposed to finding some other means by which to get sensitive information? I would give my personal opinion that the chances of someone using that to listen to traffic to do bad things is minimal, but honestly...all it takes is 1 time, regardless of the means by which a hacker or whatever does something to your environment...

Regards.
~coolsport00
0
 
LVL 118
ID: 37837172
its much easier for me to walk into your offices, and find a network port on the wall and jack in and sniff?

unless you have port security enabled ON all network switch ports
0
 
LVL 40

Expert Comment

by:coolsport00
ID: 37837177
ha...good point @hanccocka. :) true dat.

again, it's just best practice to configure them according to the security guide, but if it's not config'd, then you have a "hole" open for potential attack. Of COURSE an auditor is going to suggest it be config'd to 'reject'. They will always suggest high security to prevent attacks...
0
Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

 
LVL 3

Author Comment

by:pma111
ID: 37837184
So both promiscuos mode and forged transmits are both around spoof/sniffing traffic?

If you run the compliance checker against your hosts, do you worry about such X's i.e. are you hosts fully compliant with the vsphere compliance checker or are some of the issues so trivial that they arent all that worth worrying about, or is it more a case of it improves security even 1% and therefore we "may as well"?
0
 
LVL 118
ID: 37837187
Spoofing and Prom mode are only useful, for low level network monitoring.
0
 
LVL 40

Expert Comment

by:coolsport00
ID: 37837188
For my org, we use the guides as just that - GUIDES. From there, we decide based on SLAs, auditor recommendations, compliance rules/laws on how do secure our environment...
0
 
LVL 118
ID: 37837189
if there is no requirement for this, they should not be enabled.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Issue with VMware 6 and Commvault Backups 1 97
vCenter 6 join Active Directory 6 73
VMware Storage with no LUN 3 67
Linux VM 6 36
If your vDisk VHD file gets deleted from the image store accidentally or on purpose, you won't be able to remove the vDisk from the PVS console. There is a known workaround that is solid.
HOW TO: Install and Configure VMware vSphere Hypervisor 6.5 (ESXi 6.5), Step by Step Tutorial with screenshots. From Download, Checking Media, to Completed Installation.
Teach the user how to edit .vmx files to add advanced configuration options Open vSphere Web Client: Edit Settings for a VM: Choose VM Options -> Advanced: Add Configuration Parameters:
Teach the user how to use vSphere Update Manager to update the VMware Tools and virtual machine hardware version Open vSphere Client: Review manual processes for updating VMware Tools and virtual hardware versions: Create a new baseline group in vSp…

912 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now