VCAP-DCV Deploy Objective 8.1

Permissions, study guide, VCAP6-DCV Deploy, vSphere Security
We are now in the eighth and last section of the blueprint. In this section we are going to cover "Manage authentication and end-user security". Here are the objectives from the blueprint:

Add/Edit Remove users on an ESXi host
Configure vCenter Roles and Permissions according to a deployment plan
Configure and manage Active Directory integration
Enable and configure an ESXi Pass Phrase
Disable the Managed Object Browser (MOB) to reduce attack surface
Analyze logs for security-related messages

Lab Setup: Using VMware Workstation:
Microsoft Servers 2012R2 for Services (DNS, DHCP, etc…)
Installed esx0
Installed VCSA

Documents used:
vCenter Server and Host Management Guide v6.0
vSphere Security Guide v6.0
VMware vSphere 6.0 Hardening Guide

Add/Edit Remove users on an ESXi host: For this task we will need to connect…

VCP6-DCV blueprint section 2: Configure and Administer Advanced vSphere 6.x Networking – Objective 2.1 – Part 3

blueprint, Networking, study guide, VCP6-DCV
In this post we will continue implementing vDS in our lab configuration and cover the blueprint objective.

Describe vDS Security Policies/Settings: vDS security policies can be applied to the switch in several locations:

Apply policy per DPortGroup
Apply policy per individual port

When you apply a policy on a port group, you can also allow that policy to be overridden on the individual ports. For example, if you would like to allow a specific port to use NetFlow, you will need to allow the NetFlow option on the DPortGroup.

The following are the security policies that you can apply on the DPortGroup and on an individual port:

Promiscuous Mode Operation – Promiscuous mode eliminates any reception filtering that the virtual machine adapter performs so that the guest operating system receives all traffic observed on the wire. (Mostly…

VCP6-DCV blueprint section 1: Configure and Administer vSphere 6.x Security – Objective 1.2 – Part 2

blueprint, study guide, VCP6-DCV
In this post we will continue to follow the guideline from the VMware VCP6-DCV blueprint. This post will include only some of the objectives, and I will continue in the next post. The objectives for this post are taken from the VMware site: https://mylearn.vmware.com/mgrReg/plan.cfm?plan=64180&ui=www_cert

Harden a virtual machine against Denial-of-Service attacks

Control VM-VM communications: In this section I think that VMware refers to networking security, since VMs can communicate via the local network. For this section I looked at the VMware Security document and also the Security of the VMware vSphere Hypervisor white paper, which is listed in the blueprint tools.

From the whitepaper: "Just as a physical machine can communicate with other machines in a network only through a network adapter, a virtual machine can communicate with other virtual machines running…

VCP6-DCV blueprint section 1: Configure and Administer vSphere 6.x Security – Objective 1.2 – Part 1

blueprint, study guide, VCP6-DCV
In this post we will follow the guideline from the VMware VCP6-DCV blueprint. This post will include only some of the objectives, and I will continue in the next post. Below are the objectives for this post, taken from the VMware site: https://mylearn.vmware.com/mgrReg/plan.cfm?plan=64180&ui=www_cert

Knowledge
Harden virtual machine access
Control VMware Tools installation
Control VM data access
Configure virtual machine security policies
Harden a virtual machine against Denial-of-Service attacks
Control VM-VM communications
Control VM device connections
Configure network security policies
Harden ESXi Hosts
Enable/Configure/Disable services in the ESXi firewall
Change default account access
Add an ESXi Host to a directory service
Apply permissions to ESXi Hosts using Host Profiles
Enable Lockdown Mode
Control access to hosts (DCUI/Shell/SSH/MOB)
Harden vCenter Server
Control datastore browser access
Create/Manage vCenter Server Security Certificates
Control MOB access
Change default…