Security Hardening for ESX/ESXi

Please advise any tool/free tool that can be used to locate loopholes on my ESX 3.5, ESXi 4.x/5.x with respect to VMware security hardening, and the best practices to be followed for VMware security hardening.

Thanks in Advance
patron (Technical consultant) Asked:

patron (Technical consultant), Author, Commented:

I'm already following the above URL. Please advise the best on this.
btan (Exec Consultant) Commented:
You can check out SCAP-based tools with templates ready for VMware; some of the common ones (esp. used by auditors) include:
a) CIS benchmark tool (using CIS-CAT)
b) Tenable Nessus
c) Qualys - should be able to import (e.g. PC > Policies > Policies > New > Import Compliance Policy > Import from Library) the VMware template into their tool to scan as well - need to check out the template, such as from DISA STIG
patron (Technical consultant), Author, Commented:
Thanks Btan, let me try for this.
btan (Exec Consultant) Commented:
To add - if you have vSphere, of interest is the (free) VMware Compliance Checker for vSphere. It checks the compliance of your IT infrastructure against specific standards and best practices that are applicable for the environment.
Check compliance for multiple VMware ESX and ESXi servers concurrently — Run compliance check on up to five ESX or ESXi servers at a time and produce reports.

Supports VMware vSphere® hardening guidelines — Perform checks on VMware ESX and ESXi servers to conform with the latest VMware vSphere hardening guidelines.

This may be the first you like to check on and contact your provider for assessment. However, collectively, VMware vRealize Configuration Manager may be the single stop for compliance checks on the platform concerned.
Hardening what? You cannot disable management server on storage interface...
btan (Exec Consultant) Commented:
I see the hardening more of the compliance need to audit the lockdown configuration against best practices - more of audit mandate primarily ... just some thoughts
patron (Technical consultant), Author, Commented:
Thanks Btan.
Ghiest, how can we disable the management server for the security hardening required for ESX/ESXi, as you confirmed above?

Please advise the best tool to look for security loopholes to be configured on my ESX/ESXi.
btan (Exec Consultant) Commented:
VMware's own tool will be preferred, though Nessus is the next that I will suggest. I do advise not to base it on just the single input of one tool, esp. as a false positive is hard to ascertain.
You cannot disable it. It is just an illustration how futile and pointless all the hardening will be.
