XenServer – Host version
Details: The current XenServer version should be reviewed. NOTE: Nessus has provided the target output to assist in reviewing the...

XenServer – Administrative actions are logged
Details: Administrators can make significant changes to a system and their actions must be logged. Solution: This is not a...

XenServer – Identify a network interface to be used for storage access
Details: Network traffic for storage should be segregated from normal VM and management traffic to limit access and ensure reliable...

XenServer – All network interfaces are operating in full-duplex mode
Details: An interface in full-duplex mode can handle more network traffic, improving service availability and the speed of management actions...

XenServer – Install a trusted CA certificate on the pool
Details: Using a certificate on the pool allows encrypted communications with the pool master through SSL. This check verifies that...

XenServer – Auto-start is not enabled
Details: Auto-start directs the host to start VM guests when the host is restarted or powered on. In XenServer 6.x,...

XenServer – Install a trusted certificate in place of the default self-signed SSL certificate
Details: A certificate from a trusted CA allows for secure identification of the XenServer host to XAPI clients such as...

XenServer – Disable promiscuous mode on all network interfaces
Details: In promiscuous mode all packets received will be processed by the host or VM, which could expose confidential information....

XenServer – Disallow unplug detection on the storage network interface
Details: A dedicated storage NIC does not require unplug detection. Solution: Run the following command using the uuid of the...

XenServer – Enable only necessary and secure services, protocols, daemons – ‘lwsmd’
Details: If Likewise (Active Directory integration) is not required then turn this service off. Solution: systemctl disable lwsmd This security...