Ensure Lockdown mode is enabled Details Enabling lockdown mode disables direct local access to an ESXi host, requiring the host be managed remotely from vCenter...
Ensure Managed Object Browser (MOB) is disabled Details The Managed Object Browser (MOB) is a web-based server application that lets you examine objects that exist on the...
Ensure NTP time synchronization is configured properly Details Network Time Protocol (NTP) synchronization should be configured correctly and enabled on each VMware ESXi host to ensure accurate...
Ensure only authorized users and groups belong to the esxAdminsGroup group Details The AD group used by vSphere is defined by the esxAdminsGroup attribute. By default, this attribute is set to...
Ensure passwords are required to be complex Details ESXi uses the pam_passwdqc.so plug-in to set password strength and complexity. Options include setting minimum password length, requiring password...
Ensure persistent logging is configured for all ESXi hosts Details ESXi can be configured to store log files on an in-memory file system. This occurs when the host’s Syslog.global.LogDir...
Ensure port groups are not configured to the value of the native VLAN Details ESXi does not use the concept of native VLAN, so do not configure port groups to use the native...
Ensure port groups are not configured to VLAN 4095 except for Virtual Guest Tagging (VGT) Details Port groups should not be configured to VLAN 4095 except for Virtual Guest Tagging (VGT). When a port group...
Ensure remote logging is configured for ESXi hosts Details By default, ESXi logs are stored on a local scratch volume or ramdisk. To preserve logs further, configure centralized...
Ensure secure protocols are used for virtual serial port access Details Serial ports are interfaces for connecting peripherals to the VM. They are often used on physical systems to provide...