Monthly Archives: August 2014

Verify Roles and Features using VCM

Today, I show you how to ensure you comply with DISA recommendations to have only the needed roles and features enabled on various Windows machines using VMware vCenter Configuration Manager (VCM), a key component in the VMware vCenter Operations Suite (vC Ops).

This example uses the DISA STIG for Windows 7, Version 1, Release 16, released on 25 Jul 2014.

Below are the DISA recommendations:

  • 5.016 – IIS or its subcomponents must not be installed on a workstation
  • 5.260 – Games must not be installed on the system
  • 5.260 – Simple TCPIP Services must not be installed on the system
  • 5.260 – Telnet Server must not be installed on the system
  • 5.260 – The Telnet Client must not be installed on the system
  • 5.260 – The TFTP Client must not be installed on the system
  • 5.260 – Windows Media Center must not be installed on the system

Consolidated list of VMware Security Advisories

Today (8/21/2014) the VMware Security Response Center is releasing a consolidated list of VMware Security Advisories in the form of an Excel file (see below). The list provides a single source of Security Advisories since 2012.

The list contains all affected products, versions, fix details, known workarounds, VMware Knowledge Base articles, and release notes or KBs for each CVE. This is provided so customers can import Security Advisory details into their security management systems or for patch management.

We plan to update the list each time a new or updated VMware Security Advisory is released.

Details of the contents can be found in VMware Knowledge Base article:

http://kb.vmware.com/kb/2078735

You can download the consolidated list here:

https://www.vmware.com/files/xls/security/VMWareSecurityAdvisoryList.xlsx

This document provides the following information about the affected product(s) for each Security Advisory:
  • Vulnerability Title
  • Vulnerability Description
  • Advisory Name
  • Advisory URL
  • CVE(s)
  • Affected Product
  • Affected Version
  • Affected Running on
  • Fixed Patch Release Number
  • Fixed Bulletin ID
  • Fixed Build No.
  • Knowledge Base Article associated with fix
  • Workarounds
  • Reporting Company
  • Reporting Individual
  • CVSS v2*
  • CVSS*
  • First Published Date
  • Last Update Date

Note: * CVSS details have been sourced from NIST for consistency.

Ensure DISA Certificate Compliance using VCM

Today, I show you how to ensure you comply with DISA mandates to have DoD certificates on each Microsoft Windows machine using VMware vCenter Configuration Manager (VCM), a key component in the VMware vCenter Operations Suite (vC Ops).

This example uses the DISA STIG for Windows 8 / 8.1, Version 1, Release 6, released on 25 Jul 2014.

Below are the DISA requirements for certificates:

  • WN08-PK-000001 – The DoD Root Certificate must be installed into the Trusted Root Store
  • WN08-PK-000002 – The External CA Root Certificate must be installed into the Trusted Root Store
  • WN08-PK-000003 – The DoD Interoperability Root CA 1 to DoD Root CA 2 cross certificate must be installed into the Untrusted Certificates Store
  • WN08-PK-000004 – The US DoD CCEB Interoperability Root CA 1 to DoD Root CA 2 cross-certificate must be installed into the Untrusted Certificates Store
