2,187
edits
Difference between revisions of "Installation (ESX)"
Jump to navigation
Jump to search
m
→Security Hardening: Added "Network Settings"
m (→Procedures: Added "Quick commands") |
m (→Security Hardening: Added "Network Settings") |
||
| Line 85: | Line 85: | ||
===== Console ===== | ===== Console ===== | ||
Prepend your banner to the <code>/etc/issue</code> file | Prepend your banner to the <code>/etc/issue</code> file | ||
=== ESX === | |||
==== Network Settings ==== | |||
{|cellpadding="2" cellspacing="0" border="1" | |||
|- | |||
! Setting !! Default !! Preferred !! Explanantion | |||
|- | |||
| '''Promiscuous Mode''' || Reject || Reject | |||
|| Principally used in situations where you need to perform a network traffic (snif) capture. Data from all ports propagates to all ports (VM Port group becomes a hub rather than a switch) | |||
|- | |||
| '''MAC address changes''' || Accept || Reject | |||
|| There are situations where allowing MAC Address Changes to Accept is required. For example; legacy applications, clustered environments, and licensing. Legacy applications may require a specific MAC addresses to be used for the application. Microsoft Clusters utilize an artificial MAC address for all servers in the cluster | |||
|- | |||
| '''Forged Transmits''' || Accept || Reject | |||
|| The setting affects traffic transmitted from a virtual machine. If this option is set to reject, the virtual switch compares the source MAC address being transmitted by the operating system with the effective MAC address for its virtual network adapter to see if they are the same. If the MAC addresses are different, the virtual switch drops the frame. The guest operating system will not detect that its virtual network adapter cannot send packets using the different MAC address. To protect against MAC address impersonation, all virtual switches should have forged transmissions set to reject | |||
|} | |||
= Procedures = | = Procedures = | ||