Security

Why you should protect your Virtual SAN Network

As a common best practice you should separate management, vMotion and Virtual SAN traffic from production traffic. This is not only a performance requirement but also a security concern. Compared to management traffic, which is encrypted and requires authentication, and vMotion traffic, which is impractical to eavesdrop on, Virtual SAN traffic presents a large attack surface.

This article explains why it is critical to keep Virtual SAN traffic in protected networks and what can happen when you ignore this guideline. I also explain how you can detect and monitor such attacks.


How to hide a Virtual Machine

This post explains how you can hide a VMware-based Virtual Machine from designated users or from the entire vCenter Server infrastructure. I explain different scenarios where you can hide Virtual Machines, including:

  • Hide Virtual Machines from Groups or Users in vCenter
  • Hide Virtual Machines from the entire vCenter Server
  • Hide Virtual Machines from root on Single ESXi instances
  • Find hidden Virtual Machines

To clarify, this post does not cover techniques to cloak the fact that the Guest OS is running on a virtual machine instead of bare metal.


More Information on CVE-2015-5177 (ESXi OpenSLP Remote Code Execution)

You might be aware of the 3 critical security issues that VMware published and fixed a couple of days ago in VMSA-2015-0007. The information provided in the security advisory regarding the first issue, CVE-2015-5177 (ESXi OpenSLP Remote Code Execution), is:

VMware ESXi contains a double free flaw in OpenSLP's SLPDProcessMessage() function. Exploitation of this issue may allow an unauthenticated attacker to remotely execute code on the ESXi host.

Relevant Releases

  • VMware ESXi 5.5 without patch ESXi550-201509101
  • VMware ESXi 5.1 without patch ESXi510-201510101
  • VMware ESXi 5.0 without patch ESXi500-201510101

In this post I am trying to give a better understanding of the vulnerability and its consequences. Please note that the information in this post reflects my personal opinions. I cannot guarantee that this information is accurate. The main fact is that VMware has published a fix and you should install the patch to be on the safe side. In the real world, you might have something like a "change process" where you can't roll out the patch for hundreds of systems immediately. Or you have a single ESXi host that you don't want to reboot at the moment. In this situation, this post tries to help...


ESXi 5.5 affected by OpenSSL CVE-2014-0160 aka Heartbleed

[Last Update April 19, 2014 - Patches available]

There is a lot of news about the recently published OpenSSL vulnerability. The bug, also known as "Heartbleed", allows attackers to steal information that is protected by SSL/TLS encryption.

Are VMware ESXi and vCenter affected?
There is currently no official statement from VMware regarding this issue. After some research I found affected versions in VMware products. Here are my findings:

The affected versions are OpenSSL 1.0.1 through 1.0.1f.
