Ensure previous 5 passwords are prohibited
Details: This setting prevents users from utilizing previously used passwords. Rationale: Users may attempt to reuse passwords which could lead...

Ensure remote logging is configured for ESXi hosts
Details: By default, ESXi logs are stored on a local scratch volume or ramdisk. To preserve logs, also configure remote...

Ensure secure protocols are used for virtual serial port access
Details: Serial ports are interfaces for connecting peripherals to the VM. They are often used on physical systems to provide...

Ensure SNMP is configured properly – ‘community name private does not exist’
Details: Simple Network Management Protocol (SNMP) can be used to help manage hosts. Many organizations have other means in place...

Ensure SNMP is configured properly – ‘community name public does not exist’
Details: Simple Network Management Protocol (SNMP) can be used to help manage hosts. Many organizations have other means in place...

Ensure SSH is disabled
Details: The ESXi shell, when enabled, can be accessed directly from the host console through the DCUI or remotely using...

Ensure standard processes are used for VM deployment
Details: Have a standard process for VM deployment whether this is a VMware template or another means to ensure Operating...

Ensure storage area network (SAN) resources are segregated properly
Details: Use zoning and logical unit number (LUN) masking to segregate storage area network (SAN) activity. Zoning provides access control...

Ensure the DCUI timeout is set to 600 seconds or less
Details: The Direct Console User Interface (DCUI) is used for directly logging into an ESXi host and carrying out host...

Ensure the ESXi host firewall is configured to restrict access to services running on the host
Details: The ESXi firewall is enabled by default and allows ping (ICMP) and communication with DHCP/DNS clients. Access to services...