Hello,
What can we do to better protect our ESXi from ransomware attacks?
1: Close SSH access to all your ESXi servers and vCenter. Only enable when necessary.
2: Do not expose your ESXi or vCenter to the internet. Use a VPN to access them.
3: Stop joining your VC and ESXi to Active Directory. If your AD gets hacked, they will move with domain credentials to your VMware environment.
This is a good start.
Apply patches and updates.
The attacks in the press at the moment are only applicable to hosts that have not been updated in the last 2 years or more.
@pmichelli wrote:
1: Close SSH access to all your ESXi servers and vCenter. Only enable when necessary.
2: Do not expose your ESXi or vCenter to the internet. Use a VPN to access them.
3: Stop joining your AD and ESXi to Active Directory. If your AD gets hacked, they will move with domain credentials to your VMware environment.
This is a good start.
I think these are probably the best start. Another thing to mention: have a separate management network for ESXi. Make sure that you give service accounts (backup etc.) the correct roles; too often people use Admin accounts for those purposes.
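
The checks suggested in this thread (SSH service state, Active Directory join, patch level, accounts holding the Admin role) can be audited read-only with VMware PowerCLI. This is an added example, not code from any poster; the function names `Get-EsxiHardeningReport` and `Get-AdminRolePrincipal` are hypothetical, and it assumes the VMware.PowerCLI module is installed and a session to vCenter is already open with `Connect-VIServer`.

```powershell
# Added example: read-only audit, makes no configuration changes.
# Assumes VMware.PowerCLI is loaded and Connect-VIServer has been run.

function Get-EsxiHardeningReport {
    param([Parameter(Mandatory)] $VMHost)

    foreach ($h in $VMHost) {
        # 'TSM-SSH' is the service key of the ESXi SSH daemon.
        $ssh  = Get-VMHostService -VMHost $h | Where-Object Key -eq 'TSM-SSH'
        $auth = Get-VMHostAuthentication -VMHost $h

        # Collect one finding per item raised in the thread.
        $findings = @(
            if ($ssh.Running)                 { 'SSH service is running' }
            if ("$($ssh.Policy)" -ne 'off')   { "SSH startup policy is '$($ssh.Policy)'" }
            if ($auth.Domain)                 { "Host is joined to AD domain '$($auth.Domain)'" }
        )

        [pscustomobject]@{
            Host       = $h.Name
            Version    = $h.Version   # compare Version/Build with the current
            Build      = $h.Build     # patch release for this ESXi line
            SshRunning = $ssh.Running
            SshPolicy  = $ssh.Policy
            AdDomain   = $auth.Domain
            Findings   = $findings -join '; '
        }
    }
}

function Get-AdminRolePrincipal {
    # 'Admin' is the internal name of the built-in Administrator role.
    # Service accounts (backup etc.) appearing here deserve a narrower role.
    Get-VIPermission |
        Where-Object Role -eq 'Admin' |
        Select-Object Principal, IsGroup, Propagate,
            @{ Name = 'Entity'; Expression = { $_.Entity.Name } }
}

# Usage:
#   Get-EsxiHardeningReport -VMHost (Get-VMHost) | Format-Table -AutoSize
#   Get-AdminRolePrincipal | Sort-Object Principal
```

Network exposure and management-network separation cannot be seen from this inventory view and have to be checked at the firewall and vSwitch level.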