Hello all,
I am reading the following document http://www.vmware.com/files/pdf/dmz_virtualization_vmware_infra_wp.pdf
And on page 7 where it says "Set Layer 2 Security Options on Virtual Switches
Protect against attacks such as data snooping, sniffing, and MAC spoofing by disabling the promiscuous mode, MAC address changes, and forged transmissions capabilities on the virtual network interfaces."
How do I interpret the virtual network interfaces? Are those the vSwitches or VM Port Group?
Thanks for your help,
Welcome to the Community,
the VMs are connected to port groups. However, you can either configure these values on the vSwitch level and let the port group inherit them or you can configure them on individual port groups.
André
Hmm, in my environment at the vSwitch level I have: Promiscuous: Reject, MAC Address Changes: Accept and Forged Transmits: Accept.
Are those the default values?
If I want to implement Layer 2 Security, don't they need to be disabled?
Thanks for your help,
Those are not the defaults. MAC Address Changes: Reject and Forged Transmits: Reject would be the defaults.
But before you go changing them - they don't automatically indicate a security problem - you should find out why they were changed first.
Hmm, thank you very much.
Maybe "Edit the Security Policy for a Distributed Port Group" helps you to decide what's needed to meet your requirements.
André
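
Added example, not part of any post in this thread and not VMware code: a small Python model of the inheritance described above, where a port group either inherits each Layer 2 security setting from its vSwitch or overrides it, used to list every port group whose effective setting is Accept. The port group names and the inventory layout are constructed for illustration; vSwitch0 carries the values quoted in the thread.

```python
# Constructed inventory. Port group names are hypothetical; the vSwitch0
# policy uses the values quoted in the thread.
SETTINGS = ("Promiscuous Mode", "MAC Address Changes", "Forged Transmits")

INVENTORY = {
    "vSwitch0": {
        "policy": {"Promiscuous Mode": "Reject",
                   "MAC Address Changes": "Accept",
                   "Forged Transmits": "Accept"},
        # A setting absent from a port group means "inherit from the vSwitch".
        "portgroups": {
            "DMZ-Web": {},
            "DMZ-App": {"MAC Address Changes": "Reject",
                        "Forged Transmits": "Reject"},
            "IDS-Span": {"Promiscuous Mode": "Accept"},
        },
    },
}

def effective_policy(vswitch_policy, overrides):
    """Return {setting: (value, source)} for one port group."""
    result = {}
    for setting in SETTINGS:
        if setting in overrides:
            result[setting] = (overrides[setting], "port group override")
        else:
            result[setting] = (vswitch_policy[setting], "inherited from vSwitch")
    return result

def audit(inventory):
    """List (vswitch, portgroup, setting, source) for every effective Accept."""
    findings = []
    for vs_name, vs in inventory.items():
        for pg_name, overrides in vs["portgroups"].items():
            policy = effective_policy(vs["policy"], overrides)
            for setting, (value, source) in policy.items():
                if value == "Accept":
                    findings.append((vs_name, pg_name, setting, source))
    return findings

if __name__ == "__main__":
    for finding in audit(INVENTORY):
        print("%s / %s: %s = Accept (%s)" % finding)
```

The source column separates a permissive setting that comes from the vSwitch from one set deliberately on a single port group, which is the "find out why they were changed" question raised in the thread.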