http://isc.sans.org/diary.html?storyid=8080
VMware announces the first draft of the vSphere Hardening Guide,
posted for public comment. A worthy successor to the current VMware
Hardening Guide, it contains over 100 guidelines, split into the
following sections:
* Introduction
* Virtual Machines
* Host
* vNetwork
* vCenter
* Console OS (for ESX)
Aside from the versioning difference, this newer version of the guide
uses a standardized format, and has severity levels for each security
recommendation. The Hardening Guide can certainly be used as-is for
production environments today, but we can expect changes over the next
while in response to comments to the posted draft. While reviewing the
draft, you’ll see that most guidelines are worded to be “script
friendly”, which is very nice to see.
The announcement can be found here ==> http://blogs.vmware.com/security/2010/01/announcing-vsphere-40-hardening-guide-public-draft-release.html
The actual hardening guides can be found here ==> http://communities.vmware.com/community/vmtn/general/security?view=documents
Again, each document has a comments form, the authors are actively
seeking constructive comments on these documents before going to a
final version.
Leave a Reply
You must be logged in to post a comment.