
Tag Archives: Hardening

VMware releases STIG Compliance App for FREE

Hello Everyone,

I am pleased to announce the availability of VMware STIG Compliance App. Using this app, you can assess, remediate and harden remote *NIX machines in line with STIG (Security Technical Implementation Guide) or any other security configuration benchmark. The app is available as a container image.

The app supports and requires the configuration benchmark to be in SCAP 1.2 format and is capable of performing XCCDF or OVAL assessments. The app uses OpenSCAP as the assessment engine and Ansible as the action engine for performing remediation and hardening.


VMware CP&C releases a FREE vSphere 5.0 hardening guideline compliance checker!

I am hanging out in NYC finishing Cloud Expo East where we delivered a rousing session on Cloud Audit & Control with Coalfire AND CP&C is now VERY pleased to announce the release of our FREE vSphere 5.0 compliance checker! Last week we rolled out the 5.0 hardening guidelines in vCenter Configuration Manager (vCM) making it the first product on the planet to have the 5.0 content for our customers. Today, we are giving you access to a FREE vSphere 5.0 compliance checker! How awesome is that?

It is so easy to download and use that you can run it while watching Euro Cup with the sound of GOOOOOOAAAAAALLLLLLLLL!!!!!!!!!! in the background!

 Here is how the vSphere 5.0 Compliance Checker works: 

  • The Compliance Checker runs an assessment on 5 host systems at a time! (The 1st five being managed by an instance of vCenter Server)
  • The assessment is based on a predefined subset of the 5.0 Hardening Guidelines Content that currently exists today in vCenter Configuration Manager (vCM), part of the vCenter Operations Manager Suite (vC Ops)
  • The results for each host include the rules, the rule descriptions, and the success or failure of each rule

 Check out the following results report from the vSphere 5 Checker

[Image: ComplianceReport]

All you have to do is authenticate into the vCenter box that you want to assess hosts on.

[Image: VSphereCC]

The VMware Center for Policy & Compliance FREE Checkers are sweeter than bacon and designed to get you hooked & come back for more! 

Here is the link so you can get started hardening your vSphere Environment today. (Remember, we have FREE checkers for vSphere 4.0 & 4.1 AND for PCI 2.0 Windows & Linux)

http://www.vmware.com/go/free-compliance-check-for-vsphere

Next, look for CP&C to release a HIPAA Checker that will be hotter than the Miami HEAT!

Now this poses a few questions and we would love to get your feedback: 

1. Are free tools like this helpful?

2. How do you currently lock down your vSphere environment?

3. Would remediation of the non-compliance results be a good next step?

4. Do you care about regulatory compliance & vendor best practices? If so, which ones? (PCI, HIPAA, DISA, CIS…) 

Jump in the discussion on any of our social media channels – blogs, Twitter, Facebook, or community forum: 

 

Cambio y Fuera!

George Gerchow – Director, VMware Center for Policy & Compliance


 

VMware Center for Policy & Compliance (CP&C) releases vSphere 5.0 hardening guidelines in vCenter Configuration Manager! (vCM)

CP&C is pleased to announce the most anticipated content release to date in vCM, the VMware vSphere 5.0 hardening guidelines! As a critical component of the vC Ops suite, vCM is the FIRST product in the market today to have the official GA version of the vSphere 5.0 Hardening Guidelines. This is just another significant step in our Trusted Cloud initiative in helping customers migrate tier one applications to the VMware Cloud Infrastructure Suite.

What does this mean to VMware vCM customers who want to make sure their virtual systems are compliant?

5 new rule groups and two brand new templates:

[Image: VSphere 5.0 p1]

 Brand new 5.0 hardening guideline collection filters:

[Image: VSphere 5.0 p2]

Great executive compliance results and trending dashboards:

[Image: VSphere 5.0 p3]

You can quickly move from Dashboards to details and see the out-of-compliance data classes. Here is a small sample; there are so many that I cannot get a full-coverage screenshot!

[Image: VSphere 5.0 p4]

Add this DEEP virtualization compliance data to the rich cross platform, heterogeneous change detection, configuration\ patch management, best practices and regulatory compliance content vCM has today & you will be well on your way to successfully hardening your environment. (Yes, I did say Virtual, Physical, Windows, Linux, Servers, Desktops\ VDI…) This is better than bacon!

Whhheeeeewwwww, I ran out of breath reading it back.

The guidelines are available today and can be downloaded using the vCM Content Wizard.

 Feel free to hit us up with questions & comments at:

Hasta La Vista,

George Gerchow – Director, VMware Center for Policy & Compliance

vSphere 5.0 Security Hardening Guide Released

I would like to announce the official release of the vSphere 5.0 Security Hardening Guide.  This version represents a significant step in the evolution of this guide.  Based on feedback from customers and partners, the guide was re-structured from the ground up with the following key aspects:

  • The guide is being released exclusively in spreadsheet format.  Many of you have indicated that, although the accompanying text found in previous versions of the guide is interesting, the specific steps for assessment and remediation of the recommendations are really what matters.  Since people often end up putting the guide into spreadsheet format anyway, we figured we'd save you the trouble!
  • All guidelines have the same set of metadata, and a new standardized and extensible identification scheme.  This will enable customers to more readily adapt the guide to suit their particular environment by selecting the specific guidelines and fields that are of interest to them, and also help them in the generation of standard checklists and similar documents.
  • A primary goal for this guide was to enable greater automatability.  To this end, the guide includes both assessment and remediation commands for the three main vSphere CLIs: vSphere CLI (vCLI), ESXi Shell, and PowerCLI.  References have also been added to sections of the vSphere API documentation that relate to each specific guideline. 
  • The previous recommendation levels have been replaced by a system using Profiles. This is part of the move towards putting the guide into industry-standard format, a potential benefit that will be fully realized in the future.

The Introduction tab of the guide describes the new naming scheme, structure, recommendation levels, and other aspects of the guide in more detail.  Please read this tab first before diving into the rest of the guide, as it provides important context.

The vSphere 5.0 Security Hardening Guide has been posted to the VMware Communities in the "Security and Compliance" area, in the Documents tab.  Thanks to everyone who provided feedback on the Public Draft, and also to the team at VMware who contributed to this guide in many significant ways.

Charu Chaubal
Technical Marketing, Cloud Infrastructure 

VMware’s CP&C releases another free Compliance Checker!

Buenos Dias,

I'm George Gerchow, Director of VMware's Center for Policy & Compliance. I'll be here all week to talk about Compliance in the Cloud and answer your questions. 

Today we are going to give you access to a FREE downloadable tool that helps you get started on the “Trusted Cloud” ride. 

It is the vSphere 4.1 Compliance Checker fresh off the virtual assembly line and compiled by the good folks at CP&C!

 Here is how it works: 

  • The Compliance Checker runs an assessment on ESX/ESXi hosts managed by vCenter
  • The assessment is based on a predefined subset of 29 of the vSphere 4.1 Security Hardening Guide rules and is run against the first 5 ESX/ESXi hosts found on the target vCenter
  • The results for each host include the rules, the rule descriptions, and the success or failure of each rule

At VMware, we like to call the Compliance Checkers “Crack” for IT as it gets ya hooked and you will come back for more!

Here is the link so you can get started hardening your vSphere Environment today: 

http://www.vmware.com/products/datacenter-virtualization/vsphere-compliance-checker/overview.html  

Now this poses a few questions and we would love to get your feedback: 

  1. Are free tools like this helpful?
  2. How do you currently lock down your vSphere environment?
  3. Would remediation of the non-compliance results be a good next step?
  4. Do you care about regulatory compliance & vendor best practices? If so, which ones? (PCI, HIPAA, DISA, CIS…) 

I will be rollin’ into Denver today like Tom Brady rolled over the Miami Secondary last night but will be online waiting to hear from you. (FYI, IN Denver, I am giving a Keynote at a Healthcare seminar on Trusted Cloud)

Jump in the discussion on any of our social media channels – blogs, Twitter, Facebook, or community forum: 

Here is a sneak peek of what the Checker looks like:

[Image: Checker.09.11]

Thanks and have a great day from all of us at CP&C and VMware!