VMware vSphere

  • 1.  Disable HTTP and some other ports on the ESXi Host

    Posted Aug 14, 2019 12:30 PM

    Hi,

    I'm working on a project where I need to set up a VMware ESXi host, but the project owner demands that all ports should be closed unless properly accounted for.

    In that regard, I've done a port scan and the following ports on my host seem to be open by default:

    PORT     STATE  SERVICE
    22/tcp   open   ssh
    80/tcp   open   http
    427/tcp  closed svrloc
    443/tcp  open   https
    902/tcp  open   iss-realsecure
    5988/tcp closed wbem-http
    5989/tcp closed wbem-https
    8000/tcp open   http-alt
    8300/tcp open   tmi
    9080/tcp open   glrpc
    68/udp   closed dhcpc
    161/udp  closed snmp
    427/udp  open   svrloc

    My question is: Is it possible to disable http (but not https)?

    I've found ways to disable web access entirely, but I still want the server to respond on https.

    Thanks!
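
The "closed unless properly accounted for" requirement in the post above can be checked mechanically against a scan like the one posted. The following is an added example, not part of the original post: the `APPROVED` baseline and its justifications are constructed assumptions, and the function names are hypothetical.

```python
import re

# Scan output copied from the first post (nmap-style PORT/STATE/SERVICE rows).
SCAN = """\
PORT     STATE  SERVICE
22/tcp   open   ssh
80/tcp   open   http
427/tcp  closed svrloc
443/tcp  open   https
902/tcp  open   iss-realsecure
5988/tcp closed wbem-http
5989/tcp closed wbem-https
8000/tcp open   http-alt
8300/tcp open   tmi
9080/tcp open   glrpc
68/udp   closed dhcpc
161/udp  closed snmp
427/udp  open   svrloc
"""

# Hypothetical approved baseline (constructed): (port, proto) -> justification.
APPROVED = {(22, "tcp"): "SSH administration", (443, "tcp"): "HTTPS management"}

ROW = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)$")

def parse_scan(text):
    """Return {(port, proto): (state, service)} from nmap-style rows."""
    found = {}
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:  # the header row and blank lines do not match and are skipped
            port, proto, state, service = m.groups()
            found[(int(port), proto)] = (state, service)
    return found

def audit(text, approved):
    """Return (open ports missing from the baseline, baseline entries not open)."""
    found = parse_scan(text)
    # "open" and nmap's "open|filtered" both count as potentially reachable.
    exposed = {k for k, (state, _) in found.items() if state.startswith("open")}
    return sorted(exposed - set(approved)), sorted(set(approved) - exposed)

if __name__ == "__main__":
    unaccounted, stale = audit(SCAN, APPROVED)
    for port, proto in unaccounted:
        print(f"UNACCOUNTED {port}/{proto}: {parse_scan(SCAN)[(port, proto)][1]}")
    for port, proto in stale:
        print(f"STALE APPROVAL {port}/{proto}: {APPROVED[(port, proto)]}")
```

Each port reported as unaccounted needs either a documented justification added to the baseline or a firewall restriction on the host.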



  • 2.  RE: Disable HTTP and some other ports on the ESXi Host
    Best Answer

    Broadcom Employee
    Posted Aug 14, 2019 01:04 PM

    Port 80 (HTTP) is a redirect to port 443 (HTTPS).

    Why does this need to be disabled? Usually the firewall will control access.




  • 3.  RE: Disable HTTP and some other ports on the ESXi Host

    Posted Aug 15, 2019 06:52 AM

    The unsafe ports should be inaccessible on the LAN as well, according to the project manager.

    But I suppose since it's just a redirect, I can inform them that it doesn't really present a security breach, since they've approved the use of https anyhow.

    Thanks!



  • 4.  RE: Disable HTTP and some other ports on the ESXi Host

    Posted Feb 26, 2024 10:03 PM

    That is not a valid resolution to reduction of vulnerability profile - should simply be disabled/shut off. How to shut down the port?



  • 5.  RE: Disable HTTP and some other ports on the ESXi Host

    Posted Apr 13, 2023 08:09 AM

    We have noticed that the blade server (ESXi, OA and iLO) are responding to ports that are not needed for any of the datacenter processes.

    Please advise how we can turn the unnecessary ports like (SIP, 2000) off.

    I will be more than happy to get a solution from the forum.

    opaul@techno-associates.co.ug  my email address