Home
Security Hardening
CIS VMware ESXi 6.5 V1.0.0 L1 Bare Metal

CIS VMware ESXi 6.5 V1.0.0 L1 Bare Metal

Ensure a centralized location is configured to collect ESXi host core dumps
Details The VMware vSphere Network Dump Collector service allows for collecting diagnostic information from a host that experiences a critical...
Ensure a non-root user account exists for local admin access
Details By default, each ESXi host has a single “root” admin account that is used for local administration and to...
Ensure default self-signed certificate for ESXi communication is not used
Details The default certificates are not signed by a trusted certificate authority (CA) and should be replaced with valid certificates...
Ensure expired and revoked SSL certificates are removed from the ESXi server
Details By default, ESXi hosts do not have Certificate Revocation List (CRL) checking available, so expired and revoked SSL certificates...
Ensure no unauthorized kernel modules are loaded on the host
Details ESXi hosts by default do not permit the loading of kernel modules that lack valid digital signatures. This feature...
Ensure the ESXi host firewall is configured to restrict access to services running on the host
Details The ESXi Firewall is enabled by default and allows ping (ICMP) and communication with DHCP/DNS clients. Access to services...
Ensure the Image Profile VIB acceptance level is configured properly
Details A VIB (vSphere Installation Bundle) is a collection of files that are packaged into an archive. The VIB contains...