Whatever your chosen acronym for distributed vSwitches, the default security policy is to accept MAC address changes and forged transmits. Even the hardening guides think this is a bad idea (and we know how checking those security those checkboxes from the hardening guide spreadsheet makes us feel, miright?).
GeekAfterFive has the code from his vCloud deployment that also works handy for 5.0 VDS's (and probably 5.1 and 5.5).
Even the 5.0 and 5.1 hardening guides don't have PowerCLI code to change the setting from the default insecure to reject this traffic. Pretty awesome resource there, GeekAfterFive. Good and bad that you're not blogging anymore from "the mothership".
Monday, September 16, 2013
Wednesday, September 4, 2013
5.0 -> 5.5
Per VMWorld session on vCenter, recommendation to stick with 5.0 and wait for 5.5 in order to not deal with the crap SSO in 5.1. Still no GA release date. Crossing my fingers that 5.5 is that much better...
VCAP5-DCA
Tooting my own horn here. VCAP5-DCA passed, even while giving AudoDeploy the finger. Thank you VMware for the super fast turn around on results (rather than the 3 weeks of dread last time).
VCP5-Desktop next up.
Subscribe to:
Posts (Atom)