VMware Cloud Community
handian08
Enthusiast

Ransomware Protection

Hello,

What can we do to better protect our ESXi from ransomware attacks?

0 Kudos
1 Solution

Accepted Solutions
pmichelli
Hot Shot

1: Close SSH access to all your ESXi servers and vCenter. Only enable it when necessary.

2: Do not expose your ESXi or vCenter to the internet. Use a VPN to access them.

3: Stop joining your VC and ESXi to Active Directory. If your AD gets hacked, they will move with domain credentials to your VMware environment.

This is a good start.

2 Replies
scott28tt
VMware Employee

Apply patches and updates.

The attacks in the press at the moment are only applicable to hosts that have not been updated in the last 2 years or more.

 


-------------------------------------------------------------------------------------------------------------------------------------------------------------

Although I am a VMware employee, I contribute to VMware Communities voluntarily (i.e. not in any official capacity)
VMware Training & Certification blog
0 Kudos
depping
Leadership


@pmichelli wrote:

1: Close SSH access to all your ESXi servers and vCenter. Only enable when necessary

2: Do not expose your ESXi or vCenter to the internet. Use a VPN to access them

3: Stop joining your AD and ESXi to Active Directory.  If your AD gets hacked, they will move with domain credentials to your VMware environment.  

This is a good start


I think these are probably the best start. Another thing to mention: have a separate management network for ESXi. Make sure that you provide service accounts (backup etc.) the correct roles; too often people use Admin accounts for those purposes.

 

0 Kudos
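
Several of the points raised in this thread (SSH left enabled, hosts joined to Active Directory, patch level) can be audited across all hosts with VMware PowerCLI. The script below is an added example, not code from any poster in the thread. The function names `Get-EsxiHardeningFacts` and `Test-EsxiHardening` and the sample host records are hypothetical and constructed for illustration; live collection assumes PowerCLI is installed and a `Connect-VIServer` session already exists.

```powershell
# Added example: audit ESXi hosts for SSH state, AD membership and build.
function Get-EsxiHardeningFacts {
    # Live collection; requires VMware PowerCLI and a Connect-VIServer session.
    foreach ($h in Get-VMHost) {
        $ssh  = Get-VMHostService -VMHost $h | Where-Object { $_.Key -eq 'TSM-SSH' }
        $auth = Get-VMHostAuthentication -VMHost $h
        [pscustomobject]@{
            Name       = $h.Name
            Version    = $h.Version
            Build      = $h.Build
            SshRunning = [bool]$ssh.Running
            SshPolicy  = $ssh.Policy      # 'on', 'off' or 'automatic'
            AdDomain   = $auth.Domain     # empty when the host is not domain-joined
        }
    }
}

function Test-EsxiHardening {
    # Evaluate one host record against the checks discussed in the thread.
    param([Parameter(ValueFromPipeline)] $Facts)
    process {
        $findings = @()
        if ($Facts.SshRunning) { $findings += 'SSH service is running' }
        if ($Facts.SshPolicy -ne 'off') {
            $findings += "SSH startup policy is '$($Facts.SshPolicy)', not manual start"
        }
        if ($Facts.AdDomain) { $findings += "Joined to AD domain '$($Facts.AdDomain)'" }
        [pscustomobject]@{
            Name     = $Facts.Name
            Build    = "$($Facts.Version) / $($Facts.Build)"  # compare with vendor release notes
            Pass     = ($findings.Count -eq 0)
            Findings = $findings -join '; '
        }
    }
}

# Constructed sample records (placeholder names, versions and builds), so the
# evaluation logic can be run without a vCenter connection.
$sample = @(
    [pscustomobject]@{ Name = 'esx01.example.test'; Version = 'x.y.z'; Build = '00000000'
                       SshRunning = $false; SshPolicy = 'off'; AdDomain = $null }
    [pscustomobject]@{ Name = 'esx02.example.test'; Version = 'x.y.z'; Build = '00000000'
                       SshRunning = $true; SshPolicy = 'on'; AdDomain = 'corp.example.test' }
)
$sample | Test-EsxiHardening | Format-List

# Against a live environment:
#   Get-EsxiHardeningFacts | Test-EsxiHardening | Where-Object { -not $_.Pass }
```

The script reports version and build for manual comparison with the vendor's current release; it does not check internet exposure or management-network separation, which have to be verified at the network layer.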