Comprehensive security review of the VMware vSphere Infrastructure with real-world recommendations
Trimarc team members have years of experience in VMware design, deployment, administration, and security. Our team brings this expertise to assessing the security posture of Trimarc customer VMware environments to mitigate the pathways attackers and ransomware are leveraging to compromise.
Security Assessment Overview
The Virtual Infrastructure Security Assessment (VISA) engagement involves the analysis of the current VMware vSphere Virtual Infrastructure (vCenter & ESXi) configuration with specific focus on Administration, Configuration, and Security Controls.
The ESXi hypervisor architecture has many built-in security features such as Host State Controls, Host Certificates, vSphere Installation Bundle (VIB) Validation, and ESXi Host Log Files. For enhanced security, configure additional features such as lockdown mode, Secure Boot, and Host Profiles.
Administration and Management
Securing vCenter is crucial to ensuring the security of the rest of the virtual infrastructure. Attention and planning will be needed in areas such as Licensing, Access Controls, Global Permissions, vCenter-specific controls, Cluster configurations, Certificates, and Event logging.
Securing vSphere networking is crucial to protecting the virtual environment and, by extension, all systems and services hosted by that infrastructure. There are different security considerations for networking components (i.e. virtual switches, virtual machines, storage networks), each with its own unique security requirements.
Virtual Machine Management
The guest operating system that runs in the virtual machine is subject to the same security risks as a physical system. Special attention should be paid to ensure that VM Controls, the Virtual Machine State, Console Controls, and Virtual Machine template security are planned for and implemented.
Audit Logging and Alerting Configuration
Log files are an important component of troubleshooting attacks and obtaining information about breaches. Logging to a secure, centralized log server can help prevent log tampering. Remote logging also provides a long-term audit record and can notify administrators of a potential security breach.
Roles, Privileges & Permissions grant specified users and groups particular rights to perform actions within the vSphere environment by assigning them to a role and then associating the role with objects in the inventory.
Trimarc Virtual Infrastructure Security Assessment Sample Outline
vSphere Security Assessment Findings & Recommendations