-
1. Re: vSphere 6.5 Security Configuration Guide (née Hardening Guide) Release Candidate
jcporsche Apr 7, 2017 8:52 PM (in response to mikefoley)
Hi Mike,
What was the basis for the security config guide? Did you follow some directives or guidance?
Thanks for the time
-
2. Re: vSphere 6.5 Security Configuration Guide (née Hardening Guide) Release Candidate
mikefoley Apr 9, 2017 7:03 AM (in response to jcporsche)
The guide has been around for around a decade and pre-dates directives such as PCI. In fact, most PCI, HIPAA & DISA-type directives use this guide as the basis for their requirements. This guide would be considered "vendor best practices" or something similar.
-
3. Re: vSphere 6.5 Security Configuration Guide (née Hardening Guide) Release Candidate
goodgrief May 19, 2017 8:24 AM (in response to mikefoley)
Hi,
Applying guide settings, but found a typo under the heading Vulnerability Discussion for Guideline ID "VM.Enable-VGA-Only-Mode". The description is taken from the previous 3 settings, "VM.disconnect-devices-serial" etc. It starts "Ensure that no device is connected to a virtual machine if it is not required" but doesn't describe why VGA-only should be used.
Thanks
Michael.
-
4. Re: vSphere 6.5 Security Configuration Guide (née Hardening Guide) Release Candidate
mikefoley May 22, 2017 7:26 AM (in response to goodgrief)
Thanks for catching this. I'll update the vulnerability discussion and it will come out in the next update of the guide.
The updated Vulnerability Discussion will be:
Many server-class virtual machines need only a standard VGA console (typically a Unix/Linux server system). Enabling this setting removes additional functionality that is unnecessary for a server workload, beyond disabling 3D.
Thanks again,
mike
-
5. Re: vSphere 6.5 Security Configuration Guide (née Hardening Guide) Release Candidate
kevinstiegler May 31, 2018 7:34 AM (in response to mikefoley)
Post-hardening, what NESSUS audit profiles are we running against the 6.5 architecture to ensure it is meeting compliance?
-
6. Re: vSphere 6.5 Security Configuration Guide (née Hardening Guide) Release Candidate
vXav Jul 19, 2018 4:49 AM (in response to mikefoley)
Hi Mike,
In vRops 6.7 I get the "ESXi.config-ntp - NTP firewall rule is not configured" alert because the firewall rule of the NTP service is set to allow "ALL".
vRops 6.7 security compliance "ESXi.config-ntp - NTP firewall rule is not configured"
Though I can't find a mention of this anywhere in the security guide. Do you have some extra info about it? What's recommended and what's not?
Cheers,
[edit] By the way, in the SCG the default value of Security.AccountLockFailures is set to 10. The value in a fresh ESXi 6.5 install is 5.
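As an added example (not from the guide or from any poster in this thread), a small offline Python check for the two items raised in this post: it parses constructed `esxcli network firewall ruleset allowedip list` output (the column layout is an assumption) to flag an ntpClient ruleset left open to all source IPs, and compares Security.AccountLockFailures against the value the post says the SCG lists.

```python
"""Offline check of two ESXi settings raised in this thread: the NTP firewall
ruleset allowed-IP scope and Security.AccountLockFailures. Sample data is
constructed, not captured from a real host."""
import re

# Constructed sample of `esxcli network firewall ruleset allowedip list` output
# (the column layout is an assumption based on the esxcli text formatter).
ALLOWEDIP_LIST = """\
Ruleset      Allowed IP Addresses
-----------  --------------------
ntpClient    All
sshServer    10.0.0.0/24, 10.0.1.5
"""

# Constructed advanced settings, as a fresh ESXi 6.5 install reports them.
ADVANCED_SETTINGS = {"Security.AccountLockFailures": 5}

# Value the thread says the SCG lists for AccountLockFailures.
EXPECTED_LOCK_FAILURES = 10


def parse_allowedip(text):
    """Return {ruleset: [ip, ...]}; a ruleset open to everything yields ['All']."""
    rules = {}
    for line in text.splitlines()[2:]:  # skip the header and dashed separator
        m = re.match(r"(\S+)\s+(.+)$", line.strip())
        if m:
            rules[m.group(1)] = [ip.strip() for ip in m.group(2).split(",")]
    return rules


def check_ntp_firewall(rules):
    """Finding when ntpClient accepts any source instead of the listed NTP servers."""
    allowed = rules.get("ntpClient")
    if allowed == ["All"]:
        return "ESXi.config-ntp: ntpClient ruleset allows all source IPs"
    return None


def check_lock_failures(settings, expected=EXPECTED_LOCK_FAILURES):
    """Finding when Security.AccountLockFailures differs from the guide's value."""
    val = settings.get("Security.AccountLockFailures")
    if val != expected:
        return f"Security.AccountLockFailures is {val}, guide lists {expected}"
    return None


def audit(settings, allowedip_text):
    """Run both checks and return the list of findings (empty means compliant)."""
    rules = parse_allowedip(allowedip_text)
    return [f for f in (check_ntp_firewall(rules), check_lock_failures(settings)) if f]
```

Feed it the real allowedip output and the host's advanced settings to reproduce the vRops finding outside vRops.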