https://aznot.com/index.php?action=history&feed=atom&title=VMworld_2015%2FvSphere_6_Security_UpdateVMworld 2015/vSphere 6 Security Update - Revision history2026-05-09T00:13:26ZRevision history for this page on the wikiMediaWiki 1.41.0https://aznot.com/index.php?title=VMworld_2015/vSphere_6_Security_Update&diff=2458&oldid=prevKenneth at 20:06, 1 September 20152015-09-01T20:06:18Z<p></p>
<p><b>New page</b></p><div>vSphere Hardening Guide - READ IT<br />
<br />
by Mike Foley<br />
<br />
#INF4758 on Twitter<br />
<br />
http://blogs.vmware.com/vsphere/author/mike_foley<br />
<br />
Twitter: @vSphereSecurity<br />
<br />
VMware Security Hardening Guides | United States - http://www.vmware.com/security/hardening-guides<br />
<br />
vSphere 6.0 Hardening Guide – Overview of coming changes - VMware vSphere Blog - VMware Blogs - https://blogs.vmware.com/vsphere/2015/02/vsphere-6-0-hardening-guide-overview-coming-changes.html<br />
<br />
vSphere is secure out of the box, so this guide is more of an "auditing" guide.<br />
<br />
Prepares system for operational readiness<br />
* auditing, control, active directory, ntp, syslog<br />
<br />
May disable some ease-of-use features<br />
* features meant for POC and test environments<br />
<br />
Reduces attack surface - disabled un-used functionality<br />
<br />
Provides audit guidelines for compliance standards (PCI, HIPAA, SOX, DISA, etc)<br />
<br />
Makes the product less susceptible to threats and vulnerabilities<br />
<br />
Acts as a tool to generate discussion on risk management<br />
<br />
vSphere 6 Hardening Guide - major improvements<br />
* cleaned up<br />
* easier to implement<br />
* new focus on programmatic guidance<br />
* goal to be mostly accessible via APIs and/or CLIs<br />
* automation, automation, automation<br />
* leverage vsphere APIs<br />
* easier to produce<br />
<br />
Programmatic Guidance vs Operational Guidance<br />
* Science vs Art<br />
<br />
Operational Guidance becomes "best practices"<br />
<br />
Old guide grouped by tabs. New guide now a flat namespace (taxonomy), easier to parse through.<br />
<br />
vCheck Hardening Guide plugin - free powershell script that can send a daily update on various statuses (recommended)<br />
<br />
Major security enhancements in vSphere 6.0:<br />
* increased flexibility in lockdown mode<br />
* added cac smart card authentication to dcui (fed customers only)<br />
* improved esxi password and account management<br />
* enhanced auditing of admin actions<br />
* certificate lifecycle management for vcenter and esxi<br />
<br />
all sorts of new commands added to esxcli<br />
<br />
Flexible Lockdown Mode:<br />
* Normal and Strict (DCUI stopped)<br />
<br />
vSphere 6.0 Certificate Manager - generate SSL and CSRs<br />
<br />
VMCA - VMware Certificate Authority</div>Kenneth