Ensure SNMP is configured properly – ‘community name private does not exist’
Details Simple Network Management Protocol (SNMP) can be used to help manage hosts. Many organizations have other means in place...
- Home
- Security Hardening
- CIS VMware ESXi 6.5 V1.0.0 L1
CIS VMware ESXi 6.5 V1.0.0 L1
Ensure SNMP is configured properly – ‘community name public does not exist’
Details Simple Network Management Protocol (SNMP) can be used to help manage hosts. Many organizations have other means in place...Ensure SSH is disabled
Details The ESXi shell, when enabled, can be accessed directly from the host console through the DCUI or remotely using...Ensure storage area network (SAN) resources are segregated properl
Details Use zoning and LUN masking to segregate SAN activity. For example, zones defined for testing should be managed independently...Ensure templates are used whenever possible to deploy VMs
Details Use a hardened base operating system template image to create other, application-specific templates and use the application-specific templates to...Ensure that port groups are not configured to VLAN values reserved by upstream physical switches
Details Ensure that port groups are not configured to VLAN values reserved by upstream physical switches. Certain physical switches reserve...Ensure the DCUI timeout is set to 600 seconds or less
Details The Direct Console User Interface (DCUI) is used for directly logging into an ESXi host and carrying out host...Ensure the ESXi shell is disabled
Details The ESXi shell is an interactive command line environment available from the Direct Console User Interface (DCUI) or remotely...Ensure the Exception Users list is properly configured
Details Users who are added to the “Exception Users” list do not lose their permissions when the host enters lockdown...Ensure the maximum failed login attempts is set to 3
Details Authentication should be configured so there is a maximum number of consecutive failed login attempts for each account, at...