VMware Horizon Community
vmsf
Contributor
Contributor
Jump to solution

Best way to lock down a Security Server in DMZ

Hi,

Are there any best practices or recommendations from VMware regarding locking down a Security Server in DMZ?

Any suggestions are welcome.

Thx,

-sf

Tags (2)
Reply
0 Kudos
1 Solution

Accepted Solutions
markbenson
VMware Employee
VMware Employee
Jump to solution

There is a draft View Security Server hardening guide referenced here - http://communities.vmware.com/thread/300885

Mark

View solution in original post

Reply
0 Kudos
7 Replies
gunnarb
Expert
Expert
Jump to solution

From what standpoint:

From a firewall standpoint yes.

From external to DMZ only open ports 443, 4172TCP, 4172UDP.

Check this out:

http://communities.vmware.com/docs/DOC-14974

Gunnar

Gunnar Berger http://www.gunnarberger.com http://www.endusercomputing.com
Reply
0 Kudos
vmsf
Contributor
Contributor
Jump to solution

Thanks for the reply.

My question is more from the Windows OS perspective. Are there any customization steps recommended to lock the OS down?

Reply
0 Kudos
mittim12
Immortal
Immortal
Jump to solution

I think from an OS perspective you would stop and disable uneeded services, a possible rename of the Admin account to something on standard, and of a course a really good password.   Also limit who has access to the box.   The more administrators inside the box messing around the greater potential for something to happen. 

Reply
0 Kudos
gunnarb
Expert
Expert
Jump to solution

I wouldn't be too concerned with Windows itself, keep it patched and only allow the ports that are needed to access it.  Its going to be difficult to exploit a box if you can only see it on the secure ports. 

Gunnar Berger http://www.gunnarberger.com http://www.endusercomputing.com
Reply
0 Kudos
vmsf
Contributor
Contributor
Jump to solution

Thanks mittim / Gunnar.

Windows OS in a DMZ is always a serious concern.

I was wondering if using the default Windows Security Profiles would achieve a better result but wasn't sure if it would break something else too.

Reply
0 Kudos
markbenson
VMware Employee
VMware Employee
Jump to solution

There is a draft View Security Server hardening guide referenced here - http://communities.vmware.com/thread/300885

Mark

Reply
0 Kudos
vmsf
Contributor
Contributor
Jump to solution

Thanks Mark - that is exactly what I was looking for.

Any idea when will the final version be released?

Reply
0 Kudos