vsphere-6.7-update-1-security-configuration-guide.xlsx -...

This preview shows page 1 - 19 out of 240 pages.

| Guideline ID | Description |
|---|---|
| ESXi.audit-exception-users | Audit the list of users who are on the Exception Users List and whether they have administrator privileges |
| ESXi.Audit-SSH-Disable | Ensure that the SSH default disablement has not been changed |
| ESXi.config-ntp | Configure NTP time synchronization |
| ESXi.config-persistent-logs | Configure persistent logging for all ESXi hosts |
| ESXi.config-snmp | Ensure proper SNMP configuration |
| ESXi.disable-mob | Disable Managed Object Browser (MOB) |
| ESXi.enable-ad-auth | Use Active Directory for local user authentication |
| ESXi.enable-auth-proxy | When adding ESXi hosts to Active Directory use the vSphere Authentication Proxy to protect passwords |
| ESXi.enable-chap-auth | Enable bidirectional CHAP, also known as Mutual CHAP, authentication for iSCSI traffic |
| ESXi.enable-normal-lockdown-mode | Enable Normal Lockdown Mode to restrict access |
| ESXi.enable-remote-syslog | Configure remote logging for ESXi hosts |
| ESXi.enable-strict-lockdown-mode | Enable Strict lockdown mode to restrict access |
| ESXi.firewall-restrict-access | Configure the ESXi host firewall to restrict access to services running on the host |
| ESXi.set-account-auto-unlock-time | Set the time after which a locked account is automatically unlocked |
| ESXi.set-account-lockout | Set the count of maximum failed login attempts before the account is locked out |
| ESXi.set-dcui-access | Set DCUI.Access to allow trusted users to override lockdown mode |
| ESXi.set-dcui-timeout | Audit DCUI timeout value |
| ESXi.set-password-policies | Establish a password policy for password complexity |
| ESXi.set-shell-interactive-timeout | Set a timeout to automatically terminate idle ESXi Shell and SSH sessions |
| ESXi.set-shell-timeout | Set a timeout to limit how long the ESXi Shell and SSH services are allowed to run |
| ESXi.TransparentPageSharing-intra-enabled | Ensure default setting for intra-VM TPS is correct |
| ESXi.verify-acceptance-level-supported | Verify Image Profile and VIB Acceptance Levels |
| VM.disable-console-copy | Explicitly disable copy/paste operations |
| VM.disable-console-paste | Explicitly disable copy/paste operations |
| VM.disable-disk-shrinking-shrink | Disable virtual disk shrinking |
| VM.disable-disk-shrinking-wiper | Disable virtual disk shrinking |
| VM.disable-independent-nonpersistent | Avoid using independent nonpersistent disks |
| VM.disable-non-essential-3D-features | Disable 3D features on Server and desktop virtual machines |
| VM.disconnect-devices-floppy | Disconnect unauthorized devices |
| VM.disconnect-devices-parallel | |
| VM.disconnect-devices-serial | |
| VM.Enable-VGA-Only-Mode | |
| VM.limit-setinfo-size | |
| VM.minimize-console-VNC-use | |
| VM.restrict-host-info | |
| VM.TransparentPageSharing-inter-VM-Enabled | |
| VM.verify-network-filter | |
| VM.verify-PCI-Passthrough | |
| vNetwork.enable-bpdu-filter | |
| vNetwork.limit-network-healthcheck | |
| vNetwork.reject-forged-transmit-dvportgroup | |
| vNetwork.reject-forged-transmit-StandardSwitch | |
| vNetwork.reject-mac-changes-dvportgroup | |
| vNetwork.reject-mac-changes-StandardSwitch | |
| vNetwork.reject-promiscuous-mode-dvportgroup | |
| vNetwork.reject-promiscuous-mode-StandardSwitch | |
| vNetwork.restrict-netflow-usage | |
| vNetwork.restrict-port-level-overrides | |
| vNetwork.verify-dvfilter-bind | |

Term: Winter
Professor: ERIQUE SIQUEIRA
Tags: IP address, virtual machine
