Ensure the shell services timeout is set to 1 hour or less
Details: When the ESXi shell or SSH services are enabled on a host, they will run indefinitely. To avoid this,...

Ensure the vSwitch Forged Transmits policy is set to reject
Details: Set the vSwitch Forged Transmits policy to reject for each vSwitch. Reject Forged Transmit can be set at the...

Ensure the vSwitch MAC Address Change policy is set to reject
Details: Ensure the MAC Address Change policy within the vSwitch is set to reject. Reject MAC Changes can be set...

Ensure the vSwitch Promiscuous Mode policy is set to reject
Details: Ensure the Promiscuous Mode Policy within the vSwitch is set to reject. Promiscuous mode can be set at the...

Ensure unauthorized connection of devices is disabled
Details: In a virtual machine, users and processes without root or administrator privileges can connect devices, such as network adapters...

Ensure unauthorized modification and disconnection of devices is disabled
Details: In a virtual machine, users and processes without root or administrator privileges can disconnect devices, such as network adapters...

Ensure uniqueness of CHAP authentication secrets for iSCSI traffic
Details: Challenge-Handshake Authentication Protocol (CHAP) requires both client and host to know the secret (password) to establish a connection. Each...

Ensure unnecessary floppy devices are disconnected
Details: Ensure that no floppy device is connected to a virtual machine unless required. For a floppy device to be...

Ensure unnecessary or superfluous functions inside VMs are disabled
Details: Disable all system components that are not needed to support the application or service running on the VM. VMs...

Ensure unnecessary parallel ports are disconnected
Details: Ensure that no parallel port is connected to a virtual machine unless required. For a parallel port to be...