Solved

vsphere compliance checker - prevent spying

Posted on 2012-04-13
9
556 Views
Last Modified: 2012-04-13
In relation to the vSphere compliance checker, the check around preventing other users from spying on admin consoles. Can you give a management friendly overview on who and how a user could spy on the consoles (which “consoles” are they referring to), and how this configuration prevents this. What is the risk if a user can see the admin console, what does this give them? If a hacker wants to spy on such consoles, what position must they be in to spy?
0
Comment
Question by:pma111
  • 5
  • 4
9 Comments
 
LVL 117

Accepted Solution

by:
Andrew Hancock (VMware vExpert / EE MVE) earned 500 total points
Comment Utility
When you use the vSphere Client to connect to the ESX/ESXi server, there is an option to Open a Console to a Virtual Server, so you can see the console screen, MULTIPLE consoles can be opened.

This is what is meany by spying!

It's a bit like a Multiple Shadow session, or LogMeIn, Teamviewer, WebEx, etc
0
 
LVL 3

Author Comment

by:pma111
Comment Utility
So you''d need access to vcenter anyway, and youd be spying on another admin?
0
 
LVL 117

Expert Comment

by:Andrew Hancock (VMware vExpert / EE MVE)
Comment Utility
Correct.
0
 
LVL 3

Author Comment

by:pma111
Comment Utility
Sorry but whats the definition of console? And by spying on a console, what kind of information could they gather? If they are only admins allowed to access vcenter, is it really much of an issue if they spy on each other, as theyll likely have access to everything anyway!
0
Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

 
LVL 3

Author Comment

by:pma111
Comment Utility
It sounds like its similar to me spying on my collegue reading a confidential word document, when I could just open the word document myself. Why the need to spy?
0
 
LVL 117

Expert Comment

by:Andrew Hancock (VMware vExpert / EE MVE)
Comment Utility
If they do not have access to the vSphere Client, they cannot spy. If you prevent access to the vSphere Client, the majority of your risks, are mitigated. So the less Administrators that have access to vSphere Client the better.
0
 
LVL 117

Expert Comment

by:Andrew Hancock (VMware vExpert / EE MVE)
Comment Utility
Console, is the Remote Connection to the Server, you can view the contents, just like if you are sitting in front of a screen, and someone looks over your shoulder, they can read and see what you are doing.
0
 
LVL 3

Author Comment

by:pma111
Comment Utility
Have you concerns around your admins spying on one another? Is that why you implement this configuration?
0
 
LVL 117

Expert Comment

by:Andrew Hancock (VMware vExpert / EE MVE)
Comment Utility
With all Administrators in IT, there must be an element of trust.

also when using Open Console Feature, it states if another console has been opened, but you do not know who.
0

Featured Post

Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

Join & Write a Comment

#Citrix #XenApp #Citrix Scout #Citrix Insight Services #Microsoft VMMAP #Microsoft ADEXPLORE #Microsoft RAMMAP #Microsoft TCPVIEW #Microsoft AUTORUNS #Microsoft PROCESS EXPLORER #Microsoft PROCESS MONITOR
David Varnum recently wrote up his impressions of PRTG, based on a presentation by my colleague Christian at Tech Field Day at VMworld in Barcelona. Thanks David, for your detailed and honest evaluation!
Teach the user how to delpoy the vCenter Server Appliance and how to configure its network settings Deploy OVF: Open VM console and configure networking:
Teach the user how to use configure the vCenter Server storage filters Open vSphere Web Client:  Navigate to vCenter Server Advanced Settings: Add the four vCenter Server storage filters: Review the advanced settings: Modify the values of the four v…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now