Can anyone give me a beginner's guide to the risks associated with:
1) Not enabling lockdown mode on hosts
2) Not disabling DCUI on hosts
I am relatively new to VMware, but I work in risk and these findings have been raised in a security healthcheck. I wanted some expert input into just how dangerous these findings are, perhaps in the context of whether they expose the data on the guests residing on those hosts. Please keep answers pretty basic.
If you enable or disable lockdown mode using the Direct Console User Interface, permissions for users and groups on the host are discarded. To preserve these permissions, you must enable and disable lockdown mode using the vSphere Client connected to vCenter Server.
Procedure
1) At the Direct Console User Interface of the host, press F2 and log in.
2) Scroll to the Configure Lockdown Mode setting and press Enter.
3) Press Esc until you return to the main menu of the Direct Console User Interface.
Also, this is the link: http://pubs.vmware.com/vsphere-50/index.jsp?topic=%2Fcom.vmware.vsphere.security.doc_50%2FGUID-F8F10...
1) Not enabling lockdown mode on hosts
- To increase the security of your ESXi hosts, you can put them in Lockdown mode.
- When Lockdown is enabled, even if your ESXi host's credentials are exposed to anyone, only someone who has permission on the vCenter Server to which the ESXi host is locked down will have the permission to perform any task on your ESXi host.
- Which means that if it's not enabled, whoever has access to your ESXi host can manipulate the VMs hosted on it.
2) Not disabling DCUI on hosts
- When you enable this service while running in Lockdown mode, you can log in locally to the DCUI as the root user and disable Lockdown mode.
- This is a threat if the root user credentials are exposed to any non-authoritative person.
~dGeorgey
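The two healthcheck findings discussed above can be checked per host with VMware PowerCLI. This is an added example, not part of any post in this thread; it assumes PowerCLI is installed, a session to vCenter Server is already open with `Connect-VIServer`, and the hosts run ESXi 6.0 or later, where the lockdown mode is reported as `lockdownDisabled`, `lockdownNormal` or `lockdownStrict`.

```powershell
# Added example: report lockdown mode and DCUI state for every reachable host.
# Assumption: Connect-VIServer has already been run against your vCenter Server.

$report = foreach ($vmhost in Get-VMHost) {
    # Disconnected or unresponsive hosts return no configuration; flag and skip them.
    if ($vmhost.ConnectionState -notin 'Connected', 'Maintenance') {
        [pscustomobject]@{
            Host = $vmhost.Name; LockdownMode = 'unknown'; DcuiRunning = $null
            DcuiPolicy = $null; DcuiAccess = $null
            Finding = "host is $($vmhost.ConnectionState), not assessed"
        }
        continue
    }

    # Finding 1: lockdown mode (lockdownDisabled | lockdownNormal | lockdownStrict).
    $mode = [string]$vmhost.ExtensionData.Config.LockdownMode

    # Finding 2: the DCUI service and its startup policy.
    $dcui = Get-VMHostService -VMHost $vmhost | Where-Object { $_.Key -eq 'DCUI' }

    # Users listed in DCUI.Access may log in at the DCUI while lockdown is on.
    $access = (Get-AdvancedSetting -Entity $vmhost -Name 'DCUI.Access').Value

    $findings = @()
    if ($mode -eq 'lockdownDisabled') {
        # Host credentials alone are enough to manage the host and its VMs.
        $findings += 'lockdown mode not enabled'
    }
    if ($dcui.Running) {
        # With DCUI running, a local root login can turn lockdown mode off.
        $findings += 'DCUI service running'
    }

    [pscustomobject]@{
        Host         = $vmhost.Name
        LockdownMode = $mode
        DcuiRunning  = $dcui.Running
        DcuiPolicy   = $dcui.Policy
        DcuiAccess   = $access
        Finding      = if ($findings) { $findings -join '; ' } else { 'none' }
    }
}

$report | Sort-Object Host | Format-Table -AutoSize
```

The script only reads configuration; it changes nothing on the hosts.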
Hi, all
In an ESXi host with Lockdown Mode enabled (Normal or Restrict Mode), is it possible for someone to restart the server and access the ESXi Shell using a "Safe Mode" or something like that? My point is: could a malicious user break Lockdown Mode security by restarting the ESXi host?
Regards.
Valter Junior
What version of ESXi?
I would expect that without the root password you could not change lockdown mode.
More info from VMware: https://kb.vmware.com/s/article/1008077
Some Linux distros allow an administrator to recover the root password by editing the machine's bootloader. So, if an administrator does that, can they disable Lockdown Mode?
Regards.
Version 7 Update 3.
Thanks
Thanks for sharing this data, guys. This is great information.