ESXi

 View Only
  • 1.  Ransomware Protection

    Posted Feb 07, 2023 12:53 PM

    Hello,

    What can we do to improve our esxi from ransomware attack?



  • 2.  RE: Ransomware Protection
    Best Answer

    Posted Feb 07, 2023 01:03 PM

    1: Close SSH access to all your ESXi servers and vCenter. Only enable when necessary

    2: Do not expose your ESXi or vCenter to the internet. Use a VPN to access them

    3: Stop joining your VC and ESXi to Active Directory.  If your AD gets hacked, they will move with domain credentials to your VMware environment.  

    This is a good start



  • 3.  RE: Ransomware Protection

    Posted Feb 07, 2023 02:32 PM

     wrote:

    1: Close SSH access to all your ESXi servers and vCenter. Only enable when necessary

    2: Do not expose your ESXi or vCenter to the internet. Use a VPN to access them

    3: Stop joining your AD and ESXi to Active Directory.  If your AD gets hacked, they will move with domain credentials to your VMware environment.  

    This is a good start


    I think these are probably the best start. Other thing to mention, have a separate management network for ESXi. Make sure that you provide service accounts (backup etc) the correct roles, to often people use Admin accounts for those purposes.

     



  • 4.  RE: Ransomware Protection

    Broadcom Employee
    Posted Feb 07, 2023 02:13 PM

    Apply patches and updates.

    The attacks in the press at the moment are only applicable to hosts that have not been updated in the last 2 years or more.