Can anyone give me a beginner's guide to the risks associated with:
1) Not enabling lockdown mode on hosts
2) Not disabling DCUI on hosts
I am relatively new to VMware, but I work in risk and these findings have been raised in a security healthcheck. I wanted some expert input into just how dangerous these findings are - perhaps in the context of whether they expose the data on the guests residing on those hosts? Please keep answers pretty basic.
If you enable or disable lockdown mode using the Direct Console User Interface, permissions for users and groups on the host are discarded. To preserve these permissions, you must enable and disable lockdown mode using the vSphere Client connected to vCenter Server.

Procedure
1) At the Direct Console User Interface of the host, press F2 and log in.
2) Scroll to the Configure Lockdown Mode setting and press Enter.
3) Press Esc until you return to the main menu of the Direct Console User Interface.

Also, this is the link: http://pubs.vmware.com/vsphere-50/index.jsp?topic=%2Fcom.vmware.vsphere.security.doc_50%2FGUID-F8F10...
1) Not enabling lockdown mode on hosts
2) Not disabling DCUI on hosts
~dGeorgey
Hi, all
In an ESXi host with Lockdown Mode enabled (Normal or Restrict Mode), is it possible for someone to restart the server and access the ESXi Shell using a "Safe Mode" or something like that? My point is: could a malicious user break Lockdown Mode security by restarting the ESXi host?
Regards.
Valter Junior
What version of ESXi?
I would expect that without the root password you could not change lockdown mode.
More info from VMware: https://kb.vmware.com/s/article/1008077
Some Linux distros allow an administrator to recover the root password by editing the machine's bootloader. So, if an administrator does that, can they disable Lockdown Mode?
Regards.
Version 7 Update 3.
Thanks
Thanks for sharing this data, guys. This is great information.