vSphere (vSphere Security Technology) (14th)

Source: Internet
Author: User


ESXi is relatively safer because it has fewer applications.
ESX has a built-in firewall.
It can also use Linux-related commands.

Next let's take a look at the ESX firewall.


You can configure inbound rules for corresponding ports in properties.


ESXi itself does not have a firewall, so there are two methods to secure it: a physical firewall and copy the root password.

 


3. We recommend that you configure and create the Host Profiles host configuration file.


If any changes are found, check whether the host file has been modified.

4. Patch through Update Manager. That was covered in the previous lesson, so I will not talk much about it.

5. Activate lockdown mode. What does that mean? It disables local ESXi users, so you can only manage VM hosts through vCenter.

Next, let's take a look at how to protect vCenter from a Windows perspective.


1. Previously, I installed vCenter and the database on the same host. This is not safe; it is recommended to separate them.

2. Use a dedicated management account to manage vCenter.


1. A. Cisco Nexus 1000V can be used.

B. Install an IDS monitor under a port group.

C. Do you remember the three?


The first option means that the denial is an excuse to give this package to all in the port-group. This is a denial.

The second and fourth are: if you choose to reject them, then after you change the MAC in the VM host you will not be able to access it.
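An added example, not part of the original post: the port-group security options discussed above are the standard vSwitch security policy settings (promiscuous mode, MAC address changes, forged transmits). The script below flags every setting that is not set to Reject. The sample text is constructed, and its layout is an assumption modelled on the output of `esxcli network vswitch standard policy security get`.

```python
# Added example: audit vSwitch security policy from captured esxcli output.
# Assumption: each capture mimics
#   esxcli network vswitch standard policy security get -v <name>
import re

# Constructed sample captures keyed by vSwitch name (not from a real host).
SAMPLE = {
    "vSwitch0": """   Allow Promiscuous: false
   Allow MAC Address Change: true
   Allow Forged Transmits: true
""",
    "vSwitch1": """   Allow Promiscuous: false
   Allow MAC Address Change: false
   Allow Forged Transmits: false
""",
    "vSwitch2": """   Allow Promiscuous: true
   Allow MAC Address Change: false
""",  # truncated capture: the Forged Transmits line is missing
}

EXPECTED_KEYS = ("Allow Promiscuous", "Allow MAC Address Change",
                 "Allow Forged Transmits")
LINE_RE = re.compile(r"^\s*(Allow [A-Za-z ]+?):\s*(true|false)\s*$", re.IGNORECASE)

def parse_policy(text):
    """Return {setting: bool} for every 'Allow ...: true|false' line."""
    policy = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            policy[m.group(1)] = m.group(2).lower() == "true"
    return policy

def audit(captures):
    """Return sorted (vswitch, setting, state) for each setting not at Reject."""
    findings = []
    for name, text in captures.items():
        policy = parse_policy(text)
        for key in EXPECTED_KEYS:
            if key not in policy:
                findings.append((name, key, "missing"))  # fail closed
            elif policy[key]:
                findings.append((name, key, "accept"))
    return sorted(findings)

if __name__ == "__main__":
    for vswitch, setting, state in audit(SAMPLE):
        print(f"{vswitch}: {setting} -> {state}")
```

A setting that cannot be parsed is reported as "missing" rather than assumed safe, so a truncated capture still shows up in the findings.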

Another is to install the latest patch.


We will not cover the first; let's start with the second.

In general, these are the border, the application layer, and the terminal.

2. A vSwitch is connected to the edge border firewall and then to a new host. Then, some policies can be implemented after the VM is connected.

3. A vSwitch is connected to an AAP and VM. It uses some drivers to control NIC traffic.

4. Install the VM on the client and give the analysis comments to the endpoint for anti-virus.

To implement these functions, you must first install the manager.


The following figure shows how to accept the next step.


After configuring the IP, gateway, DNS, and domain name through setup, you can manage it on the web page.


This item was purchased separately.


By default, all policies are allowed. If you want to apply some policies, you can modify them where my red arrow points.


You can also select Flow Monitoring to monitor the traffic of the host.


This is a brief introduction, so I will not do the experiment here.


I have saved CPU resources. I will talk about it today. If you have never used this article, I would like to thank you!

 

 

 

 

 

 

 

 

This article is from the "diaosi life" blog and will not be reproduced!
