
An unsigned VIB represents untested code installed on an ESXi host.

Verify the ESXi Image Profile to only allow signed VIBs. The ESXi Image Profile and vSphere Installation Bundle (VIB) Acceptance Levels must be verified.

TLS 1.2 should be enabled on all interfaces, and SSLv3, TLS 1.1, and TLS 1.0 disabled where supported. TLS 1.0 and 1.1 are deprecated protocols with well-published shortcomings and vulnerabilities. The ESXi host must exclusively enable TLS 1.2 for all endpoints.

This allows it to stage malicious attacks on the devices in. If the virtual machine operating system changes the MAC address, it can send frames with an impersonated source MAC address at any time. The virtual switch MAC Address Change policy must be set to reject on the ESXi host.

The ESXi host SSH daemon must not allow authentication using an empty password. Configuring this setting for the SSH daemon provides additional assurance that remote logon via SSH will require a password, even in the event of misconfiguration elsewhere.

Findings (MAC III - Administrative Sensitive)
