Hi,
If a VM is compromised that is using a production VLAN on a distributed switch hosted on an ESXi host, what is the worst impact that can happen in the VM environment?
Will the other VMs running in a different VLAN on the same distributed switch be affected? Will it cause any issue in the vCenter environment?
Hi
They will have no impact, as long as the other VLANs are in different portgroups.
Worst case? You haven't patched your infrastructure against Spectre|2|NG, or have TPS global enabled on the Host, or one of the ways to breach out of the VM to the Host like it was possible in the past.
Regards,
Joerg
Hi,
Using port security policies at the port group level allows you to protect against certain behaviors that could compromise security.
For example, a hacker could gain unauthorized access by spoofing the virtual machine's MAC address. VMware recommends setting MAC Address Changes and Forged Transmits to “Reject” to help protect against attacks launched by a rogue guest operating system.
Set Promiscuous Mode to “Reject” unless you want to monitor the traffic for network troubleshooting.
Anyhow, if one of your VMs is compromised, nothing would happen to the other VMs as long as they are in different portgroups.
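
An added example, not part of the original replies: a Python audit of an exported port group inventory against the three settings named above, which also flags port groups that share a VLAN ID, since those sit in the same layer-2 segment. The record layout, port group names and the `monitoring` flag are assumptions; the policy key names follow the vSphere API's DVSSecurityPolicy fields.

```python
# Added example: audit exported distributed port group settings.
# Record layout is assumed; True means the policy is set to "Accept".
from collections import defaultdict

POLICY_KEYS = ("allowPromiscuous", "macChanges", "forgedTransmits")

# Constructed sample inventory, not from a real environment.
SAMPLE_PORTGROUPS = [
    {"name": "pg-prod-web", "vlan": 110,
     "security": {"allowPromiscuous": False, "macChanges": False,
                  "forgedTransmits": False}},
    {"name": "pg-prod-db", "vlan": 120,
     "security": {"allowPromiscuous": False, "macChanges": True,
                  "forgedTransmits": True}},
    {"name": "pg-capture", "vlan": 110, "monitoring": True,
     "security": {"allowPromiscuous": True, "macChanges": False,
                  "forgedTransmits": False}},
    {"name": "pg-legacy", "vlan": 130,
     "security": {"allowPromiscuous": False}},
]

def audit_security(portgroups):
    """Return (portgroup, policy, problem) for every policy not set to Reject."""
    findings = []
    for pg in portgroups:
        policy = pg.get("security", {})
        for key in POLICY_KEYS:
            value = policy.get(key)
            if value is None:
                findings.append((pg["name"], key, "not set in export"))
            elif value is True:
                # Promiscuous mode is tolerated only on marked monitoring port groups.
                if key == "allowPromiscuous" and pg.get("monitoring"):
                    continue
                findings.append((pg["name"], key, "Accept"))
    return findings

def shared_vlans(portgroups):
    """Return {vlan: [names]} for VLAN IDs carried by more than one port group."""
    by_vlan = defaultdict(list)
    for pg in portgroups:
        by_vlan[pg["vlan"]].append(pg["name"])
    return {v: names for v, names in by_vlan.items() if len(names) > 1}

if __name__ == "__main__":
    print(audit_security(SAMPLE_PORTGROUPS))
    print(shared_vlans(SAMPLE_PORTGROUPS))
```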