vSphere/ESXi Vulnerability Assessments

ras76

Newbie

Posts: 15

Joined: Wed Mar 27, 2013 9:48 am

Post Wed Mar 27, 2013 9:52 am

vSphere/ESXi Vulnerability Assessments

Can anyone recommend any specific tools or resources for vulnerability assessments of ESXi and vCenter? In addition, can you share any common security weaknesses/misconfigurations you find when security auditing ESXi/vCenter?

Many Thanks
UKSecurityGuy

Jr. Member

Posts: 88

Joined: Wed Mar 27, 2013 10:51 am

Post Wed Mar 27, 2013 10:59 am

Re: vSphere/ESXi Vulnerability Assessments

I've actually just completed an internal review of a vCenter setup, so here are the bits I found:

1. Is vCenter using a self-signed or auth'd certificate to prove its identity?

2. Is vCenter running a vulnerable version? See here: http://erpscan.com/wp-content/uploads/2012/08/VMWARE_DEFCON.pdf

3. Is a MOTD displayed when a user logs into vCenter?

4. If DRS is being used, are mission critical virtual machines (such as Domain Controllers) being forced onto separate hosts?
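
Item 4 above can be checked offline from an inventory export. The following is an added example, not part of the original post: the rule and placement records, their field names and the VM and host names are all constructed assumptions, not a VMware API.

```python
from itertools import combinations

# Constructed sample data (not from the thread): DRS rules and current VM
# placement as they might be exported from a cluster inventory.
SAMPLE_RULES = [
    {"name": "separate-dcs", "type": "anti-affinity", "enabled": True,
     "vms": ["DC01", "DC02"]},
    {"name": "separate-dc3", "type": "anti-affinity", "enabled": False,
     "vms": ["DC01", "DC03"]},
    {"name": "keep-app-db", "type": "affinity", "enabled": True,
     "vms": ["APP01", "DB01"]},
]
SAMPLE_PLACEMENT = {"DC01": "esx-a", "DC02": "esx-b", "DC03": "esx-a",
                    "APP01": "esx-c", "DB01": "esx-c"}


def audit_separation(critical_vms, rules, placement):
    """Return findings for critical VMs that DRS is not forced to separate.

    A pair counts as covered only when both VMs appear together in an
    enabled anti-affinity rule; current co-location is reported separately.
    """
    covered = set()
    for rule in rules:
        if rule["type"] == "anti-affinity" and rule["enabled"]:
            covered.update(frozenset(p) for p in combinations(rule["vms"], 2))

    findings = []
    for a, b in combinations(sorted(critical_vms), 2):
        if frozenset((a, b)) not in covered:
            findings.append(("no-enabled-rule", a, b))
        host_a, host_b = placement.get(a), placement.get(b)
        if host_a is not None and host_a == host_b:
            findings.append(("same-host", a, b))
    return findings


if __name__ == "__main__":
    for finding in audit_separation({"DC01", "DC02", "DC03"},
                                    SAMPLE_RULES, SAMPLE_PLACEMENT):
        print(finding)
```

A disabled rule is treated the same as a missing one, since DRS does not enforce it.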
dynamik

Recruiters

Posts: 1119

Joined: Sun Nov 09, 2008 11:00 am

Location: Mile High City

Post Sat Mar 30, 2013 12:54 pm

Re: vSphere/ESXi Vulnerability Assessments

VMware has excellent hardening guides available: http://communities.vmware.com/community ... =documents

Those are what I've used when performing ESX/vSphere assessments.
The day you stop learning is the day you start becoming obsolete.