Administrative actions are logged
Details Administrators can make significant changes to a system and their actions must be logged. Solution This is not a...
- Home
- Security Hardening
- TNS Best Practice Citrix Hypervisor
TNS Best Practice Citrix Hypervisor
All network interfaces are operating in full-duplex mode
Details An interface in full-duplex mode can handle more network traffic, improving service availability and the speed of management actions...Auto-start is not enabled
Details Auto-start directs the host to start VM guests when the host is restarted or powered on. In XenServer 6.x,...Disable promiscuous mode on all network interfaces
Details In promiscuous mode all packets received will be processed by the host or VM, which could expose confidential information....Disallow unplug detection on the storage network interface
Details A dedicated storage NIC does not require unplug detection. Solution Run the following command using the uuid of the...Enable only necessary and secure services, protocols, daemons – ‘lwsmd’
Details If Likewise (Active Directory integration) is not required then turn this service off. Solution systemctl disable lwsmd This control...Enable only necessary and secure services, protocols, daemons – ‘snapwatchd’
Details Unintended VM snapshots can degrade performance and use storage resources. If snapshot support is not required then turn this...Enable only necessary and secure services, protocols, daemons – ‘sshd’
Details If SSH is not required then turn this service off. Solution systemctl disable sshd This control applies to the...Enable port locking by default on the VM guest network
Details Port locking prevents ARP and IP spoofing by unknown or untrusted VM guests. It limits their ability to pretend...Enable QoS on all VM guests
Details Quality of Service limits can mitigate denial of service attacks and ensure management access to the host. Though this...