Security Hardening for ESX/ESXi

Please advise whether any tool/free tool can be used to locate loopholes on my ESX 3.5, ESXi 4.x/5.x with respect to VMware security hardening, and the best practices to be followed for VMware security hardening.

Thanks in Advance
patron asked:

patron (Author) commented:
https://www.vmware.com/in/security/hardening-guides

I'm already following the above URL. Please advise on what is best for this.
btan (Exec Consultant) commented:
You can check out SCAP-based tools with templates ready for VMware; some of the common ones (especially those used by auditors) include:
a) CIS benchmark tool (using CIS-CAT) - http://benchmarks.cisecurity.org/downloads/audit-tools/
b) Tenable Nessus - http://www.tenable.com/blog/scanning-and-patch-auditing-vmware-using-nessus
c) Qualys - should be able to import (e.g. PC > Policies > Policies > New > Import Compliance Policy > Import from Library) the VMware template into their tool to scan as well - need to check out the template, such as from DISA STIG: https://community.qualys.com/thread/11282
http://blogs.vmware.com/security/2014/07/vmware-cpc-releases-major-updates-disa-stig-nix-compliance-toolkit-vcm.html
patron (Author) commented:
Thanks Btan, let me try this.

btan (Exec Consultant) commented:
To add - if you have vSphere, of interest is the (free) VMware Compliance Checker for vSphere. It checks the compliance of your IT infrastructure against specific standards and best practices that are applicable for the environment:

Check compliance for multiple VMware ESX and ESXi servers concurrently: Run compliance check on up to five ESX or ESXi servers at a time and produce reports.

Supports VMware vSphere® hardening guidelines: Perform checks on VMware ESX and ESXi servers to conform with the latest VMware vSphere hardening guidelines.
https://www.vmware.com/products/vsphere-compliance-checker/features.html

This may be the first one you would like to check on, and contact your provider for assessment. However, collectively, VMware vRealize Configuration Manager may be the single stop for compliance checks on the platform concerned.
https://my.vmware.com/web/vmware/evalcenter?p=compliance-chk
gheist commented:
Hardening what? You cannot disable management server on storage interface...
btan (Exec Consultant) commented:
I see the hardening more as the compliance need to audit the lockdown configuration against best practices - more of an audit mandate primarily ... just some thoughts
patron (Author) commented:
Thanks Btan.
Gheist, how can we disable the management server for the security hardening required for ESX/ESXi? -- as you confirmed above.

Please advise the best tool to look for loopholes in the security to be configured on my ESX/ESXi.
btan (Exec Consultant) commented:
VMware's own tool will be preferred, though Nessus is the next that I will suggest. I do advise not to base it on just the single input of one tool, especially as false positives are hard to ascertain.
gheist commented:
You cannot disable it. It is just an illustration of how futile and pointless all the hardening will be.
patron (Author) commented:
Thanks