VMware vSphere

Hi, I have a couple of ESXI server, but one of them is naked - it look to internet without firewall. And Yesterday that EXSI 7 server has been hacked. Somebody has been changed root password in my server. I google this issue and found a lot approach to hack ESXI server, for example - https://www.vmwareblog.org/forgot-esxi-root-password-no-problems-4-ways-reset/

And I decide reinstall that server. So, my question is - Can I delete a ROOT login at all (like standard installation on Ubuntu style), or maybe rename it, or can anybody advice to strong protect ESXI ROOT login/password from hacked and changed password?

Why expose the host to the internet in the first place? Securing the network access would be the best approach.

dear what do you mean? I don't understand you. That server was rent in Hetzner datacenter, if I understand there is nothing any security options to restrict access to server from internet, server is naked and anybody can access to 443 port

Or you mean some VmWare control options?

I doubt there would be many vSphere admins/architects who would think it is a good idea to expose an ESXi host directly to the outside world in that way without any kind of security or authentication restrictions.

I used to manage vSphere training labs that were accessible from the internet - they had a front-end system that you would have to successfully authenticate against first prior to getting anywhere near the vSphere infrastructure.

Hey ,

Publishing an ESXi to the Internet is definetely not a good idea as if somebody gets access can affect all your infrastructure inmediately without much knowledge and even extract information of the virtual machines that are store there.

Of course there are mechanisms for restricting network access such as only allowing the Public IP used by the customer to connect there, however as  said, the solution is not on securizing that access but use an intermediate service to give access with an strong authentication and encryption in the middle. Think about VDI Solutions for example.

I'd always protect the management of ESXi, simple stuff like locking it down.

I'd suggest looking at this article as a starter for 10..

https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.security.doc/GUID-88B24613-E8F9-40D2-B838-225F5FF480FF.htmlhttps://kb.vmware.com/s/article/1008077

Thank you , but in this mode I can not add new VM, isn't it?

Hey ,

Lockdown mode will only work if you have vCenter Server but as I understand you are not providing that access to the user so in case you want the user to be able to access the ESXi by another user, you can change the root priviliege to No-Access or Read-Only.

Before doing this you will need to create a new user locally on your ESXi and provide administrator privilieges. For that follow the next document: https://blogs.virtualmaestro.in/2016/02/12/how-to-add-local-account-in-esxi-shell/#:~:text=Add%20users%20using%20ESXi%20host,User%20as%20in%20image%20below.

This will restrict the access completely to the host and the root user will have no access, however this will not impact the use of root inside SSH but I presume you are not publishing that to the Internet.

However, this is a solution to your issue, not a recommendation.

Hi Alex, besides the other recommendations and solutions always keep your ESXi host up-to-date with the latest security patches. This will also help to minimize the risk of getting "hacked". But indeed, don't connect your ESXi host directly to the internet without proper security measures like firewalls.

There are also benchmarks that give you guidance on how to secure your ESXi host.