Solved

free vsphere compliance checker

Posted on 2013-11-21
12
296 Views
Last Modified: 2013-12-06
Are any of the vmware hardening guide security recommendations generally accepted as "essential", and priority. Our infrastructure team were looking align to the security of the hosts, vcenter and vnetwork in line with the vmware hardening guide, however by looking at the potential impact column of the spreadsheet - many of the settings seem to introduce many issues for operations/support- without seemingly improving the security massively either.

So I wondered if there were some higher priority secureity settings - and if so specific to vsphere and vnetwork which exactly which those are? I assume some are more important than others?
0
Comment
Question by:pma111
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 5
12 Comments
 
LVL 120
ID: 39665393
You will need to assess which Security Restrictions are important for your organization.

e.g. we work with a client, Security is so restricted you have to be escorted into a Locked ROOM to perform Administration on some VMware Solutions, and are searched when you leave the room!
0
 
LVL 3

Author Comment

by:pma111
ID: 39665403
I would still assume the security controls recommended by vmware must have some level of importance thought, surely. I.e. some more important that others, or offer more benefits than others. I.e. microsoft has critical and important in their recommendations.
0
 
LVL 120
ID: 39665424
Those are Security Patches, with different threat levels. e.g. OS potential hack issues.

VMware Hardening Guide Security are recommendations, you need to asses, the Risk in your business.

We do not know your business, what Security and Governance you have in place for physical servers?

Do you allow CDROM, USB flash drives, floppy drives to be used in your datacentre, with physical servers?

Do you have Passwords on all your KVMs in the datacentre?

Do you have a datcentre? - who is allowed into the datacentre?

Do people sign in and out, with a reason for why they visited?
0
Three Reasons Why Backup is Strategic

Backup is strategic to your business because your data is strategic to your business. Without backup, your business will fail. This white paper explains why it is vital for you to design and immediately execute a backup strategy to protect 100 percent of your data.

 
LVL 3

Author Comment

by:pma111
ID: 39665610
>Those are Security Patches, with different threat levels. e.g. OS potential hack issues.

As well as patches, the microsoft security compliance manager has a number of security configuration recommendaitons and ranks them as either critical or important . I wasnt sure if vmware ranked its security recommendaitons in a similar way, or whether the vmware experts couild give their view on which of the hardening guides settings are crucial, and which are less important.
0
 
LVL 120
ID: 39665613
Can you please answer my previous questions, and I can then advise you, as how Security Aware your Organization is?
0
 
LVL 120
ID: 39665617
Do you use Contract Staff for IT Administration?

Do you allow the use of usb flash drives and mobile phones in your organization?
0
 
LVL 3

Author Comment

by:pma111
ID: 39665681
Is that the core of the vmware recommendations, safeguards against physical access to your hosts?
0
 
LVL 3

Author Comment

by:pma111
ID: 39665695
Also not familiar with "KVM"?
0
 
LVL 120

Accepted Solution

by:
Andrew Hancock (VMware vExpert / EE MVE^2) earned 500 total points
ID: 39665700
Physical Access to any computer system, limits the risk of security, whether physical or virtual, but not all organization apply it, some have servers in open offices.

I'm trying to determine, what you think of the following items in *YOUR* Organization.

1. Do you allow CDROM on your physical servers?

2. Do you allow USB flash drives, with physical servers?

3.Do you allow floppy drives with physical servers?

4. Do you have Passwords on all your KVMs in the datacentre?

5. Do you have a datcentre? - who is allowed into the datacentre?

6. Do people sign in and out, with a reason for why they visited?

7. Do you use Contract Staff for IT Administration?

8. Do you allow the use of usb flash drives?

9. Do you allow mobile phones in your organization?

All the above have an element of security risk to any organization? So where does your organization fit in?
0
 
LVL 120
ID: 39665701
KVM - Keyboard, Video, Monitor switch, allows the use of one keyboard, video and monitor to multiple physical server consoles in the datacentre.
0
 
LVL 3

Author Comment

by:pma111
ID: 39665716
1-3 - as and when required

4 - would have to check

5 - yes

6 - they should do, whether its done or not, unsure

7 - occasionally

8-9 - yes, albeit encrypted (and users need to be added to security groups to drag data to them)
0
 
LVL 120
ID: 39665744
Thanks for answering the questions, so the same would apply to Virtual Machines. Based on a very quick assessment, you seem to have low security, if it was low, medium and high. (this may not be true of course!). Some clients, would answer NO, to all those questions.

You would have to allow virtual machine access to cdroms, floppy disks and usb drives, however there are methods to prevent this.
0

Featured Post

Secure Your Active Directory - April 20, 2017

Active Directory plays a critical role in your company’s IT infrastructure and keeping it secure in today’s hacker-infested world is a must.
Microsoft published 300+ pages of guidance, but who has the time, money, and resources to implement? Register now to find an easier way.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

HOW TO: Connect to the VMware vSphere Hypervisor 6.5 (ESXi 6.5) using the vSphere (HTML5 Web) Host Client 6.5, and perform a simple configuration task of adding a new VMFS 6 datastore.
Giving access to ESXi shell console is always an issue for IT departments to other Teams, or Projects. We need to find a way so that teams can use ESXTOP for their POCs, or tests without giving them the access to ESXi host shell console with a root …
Teach the user how to convert virtaul disk file formats and how to rename virtual machine files on datastores. Open vSphere Web Client: Review VM disk settings: Migrate VM to new datastore with a thick provisioned (lazy zeroed) disk format: Rename a…
In this video tutorial I show you the main steps to install and configure  a VMware ESXi6.0 server. The video has my comments as text on the screen and you can pause anytime when needed. Hope this will be helpful. Verify that your hardware and BIO…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question