XenServer – Enable only necessary and secure services, protocols, daemons – ‘snapwatchd’
Details Unintended VM snapshots can degrade performance and use storage resources. If snapshot support is not required then turn this...
- Home
- Security Hardening
- TNS Best Practice Citrix XenServer
TNS Best Practice Citrix XenServer
XenServer – Enable only necessary and secure services, protocols, daemons – ‘sshd’
Details If SSH is not required then turn this service off. Solution systemctl disable sshd This security hardening control applies...XenServer – Enable port locking by default on the VM guest network
Details Port locking prevents ARP and IP spoofing by unknown or untrusted VM guests. It limits their ability to pretend...XenServer – Enable QoS on all VM guests
Details Quality of Service limits can mitigate denial of service attacks and ensure management access to the host. Though this...XenServer – Enable remote syslog
Details Security log information could be modified or lost if the host is compromised or fails. Send syslog messages to...XenServer – Ensure IP forwarding is disabled
Details Disable IP forwarding to prevent incoming packets from being forwarded. Solution Add net.ipv4.ip_forward=0 to /etc/sysctl.conf This security hardening control...XenServer – External authentication is disabled
Details XenServer can integrate with Active Directory and grant AD groups access to XenServer roles. This integration may not be...XenServer – High availability is enabled
Details Multiple hosts can be joined to a resource pool to provide redundancy and improve availability of the services provided...XenServer – Host is enabled
Details Enabled hosts can run VM guests. Solution A host may be disabled for maintenance, or it may indicate an...XenServer – List VM CPU allocations
Details The allocated virtual CPUs (VCPU) should be reviewed. Desired settings depend on workload and operating system type. NOTE: Nessus...