VMware vSphere and Virtual Infrastructure Security

Title Change

VMware vSphereTM and Virtual Infrastructure Security: Securing the Virtual Environment

There are so many similarities between VMware vSphere and Virtual Infrastructure from a security perspective that we decided to change the title of the book. The book already covered VMsafe and other APIs, Distributed Virtual Switches, as well as other aspects of vSphere security. It seemed logical to change the title to reflect this.

Publish Date

June 2009 by Pearson Education

More Info about the Author

Contributing Authors

Tim Pierson who contributed the chapter on penetration testing.
Tom Howarth who contributed the chapter on Virtual Desktop Environments.

Order

Links to Articles/Interviews about Book

Errata/Additions

  • Lockdown by Source IP page 356
    In Step 4 of the Hardening script instead of creating a secondary firewall script when using VMware vSphere you can use the following style of esxcfg-firewall commands to let VMware vSphere manage the rules.

    esxcfg-firewall --ipruleAdd 0.0.0.0/0,22,tcp,REJECT,"Block_SSH"
    esxcfg-firewall --ipruleAdd AdminIP,22,tcp,ACCEPT,"Allow_Admin_IP_SSH"

    In addition to taking just an IP address, you can also use a subnet as seen by the block all rule. Order of the above rules is very important and you should review the rules to verify everything. See VMware Communities post How to configure service console firewall to only allow access from certain IPs?

Join the Conversation

1 Comment

Leave a comment

Your email address will not be published. Required fields are marked *

I accept the Privacy Policy

This site uses Akismet to reduce spam. Learn how your comment data is processed.