
Monthly Archives: April 2012

VMware Security Note

Yesterday, April 23, 2012, our security team became aware of the public posting of a single file from the VMware ESX source code and the possibility that more files may be posted in the future. The posted code and associated commentary date to the 2003 to 2004 timeframe.

The fact that the source code may have been publicly shared does not necessarily mean that there is any increased risk to VMware customers. VMware proactively shares its source code and interfaces with other industry participants to enable the broad virtualization ecosystem today. We take customer security seriously and have engaged internal and external resources, including our VMware Security Response Center, to thoroughly investigate. We will continue to provide updates to the VMware community if and when additional information is available.

Iain Mulholland
Director, VMware Security Response Center

VMware Releases vShield 5.0.1

VMware is proud to announce the immediate availability of the 5.0.1 versions of vShield Edge, vShield App, vShield Endpoint, and vShield Data Security. Each of these updates introduces a number of new features and bug fixes.

Check out the new reporting capabilities in vShield Data Security!

Highlights of the 5.0.1 release include:

Automation

  • Simplified automation using new REST API calls for vShield Data Security workflows, including triggers for completion of scans.
  • Enable download of vShield VIBs (host modules) from vShield Manager, a key step in support for Autodeploy (Stateless ESXi).

High Availability and Policy Management

  • Automatic restart of vShield App or virtual machines if a heartbeat is not detected.
  • Improved vShield App policy management with the option to fail open or fail closed.
  • Option to selectively exclude virtual machines from vShield App protection.

Actionable Data

  • Improved audit logs for vShield Manager provide detailed information about administrative user actions on vShield security operations.
  • Simplified troubleshooting with single file download of vShield system configuration and events.
  • Enhanced reporting for vShield Data Security allows users to view data as pie charts and bar graphs – and export this data to various file formats.


Download links:

 

VMware (CP&C) Releases PCI 2.0 FREE Compliance Checkers!

Hola Amigos y Amigas,

Today we are going to give you access to two (That’s right, DOS!) FREE downloadable tools that help you get started on the journey to achieving PCI 2.0 Compliance.

The PCI 2.0 Compliance Checkers for Windows and LINUX are fresh off the virtual assembly line and compiled by the good folks at VMware’s Center for Policy & Compliance! (CP&C)

Here is how they work:

  • The Compliance Checkers run an assessment on 5 Guest systems at a time!
  • The assessment is based on a predefined subset of the PCI 2.0 content that currently exists in vCenter Configuration Manager (vCM), part of the vCenter Operations Manager Suite
  • The results for each guest include the rules, the rule descriptions, and the success or failure of each rule

Check out the following results report from the LINUX Checker. Pure AWESOMENESS!

The Compliance Checkers are designed to get you hooked and come back for more! 

Here is the link so you can get started hardening your vSphere and Guest Environment today. (Remember, we have FREE checkers for vSphere 4.0 & 4.1)

https://www.vmware.com/tryvmware/?p=compliance-chk&lp=default&cid=70180000000MJsMAAW

The vSphere 5.0 Checker will soon be on its way like a Tim Tebow Comeback! (Too bad his comebacks will be for the Jets, I love my Broncos but am not happy about the Manning move.) Just sayin…

Now this poses a few questions and we would love to get your feedback: 

1. Are free tools like this helpful?

2. How do you currently lock down your vSphere environment?

3. Would remediation of the non-compliance results be a good next step?

4. Do you care about regulatory compliance & vendor best practices? If so, which ones? (PCI, HIPAA, DISA, CIS…) 

Jump in the discussion on any of our social media channels – blogs, Twitter, Facebook, or community forum: 

Peace Out!

George Gerchow – Director, VMware Center for Policy & Compliance