Cybersylum

vToolbelt – February 2023

by Arron King 02.06.2023 vToolBelt

Let’s talk Ransomware

I am sure most everyone has heard about the latest ransomware attack called “ESXiArgs”. If you haven’t, two sites I follow have coverage [BleepingComputer and HackerNews].

Ransomware uses a software exploit to gain access to a system and block access to that system until a sum of money is paid. There are instances where this exploit is unknown (also known as a Zero Day exploit). In the case of ESXiArgs, the attackers are targeting a vulnerability in OpenSLP. A patch for this issue was released in February 2022 via VMSA 2019-0022. That date is not a typo – the patch has been available for about a year.

Please take a moment and review the VMSA above to ensure you have applied the patch. If you cannot patch immediately, KB 76372 has steps on disabling the OpenSLP service on your ESXi hosts until you are able to find a patch window.

Protecting against Ransomware

One of the best general ways to protect your organization is to apply the relevant security patches. VMware publishes Security Advisories about its products. You can sign up to be notified when any new security advisory is published.

VMware does maintain a site with resources that can help organizations defend against these attacks – https://core.vmware.com/ransomware.  This site contains links on how to design for security, as well as other best practices.  Just a few of the top ideas you will read about are:

 

  • Authentication
    • Do not use a “daily driver” account to manage your environment. The username and password you use to log in to your local computer should be different from the ones you use to manage vSphere.
    • Use different passwords for [email protected] and ESXi host root accounts
  • Management Separation
    • This can take many forms as outlined on the site; but the basic idea is to keep access to the management interfaces on a network with restricted access.
  • Backups
    • Verify your backups are working and perform test restores
    • Backup critical systems more often to reduce the amount of potential data loss
    • Use immutable backup storage when possible

VMware Security Advisories

  • VMSA-2023-0001 – Log Insight Directory Traversal
  • VMSA-2023-0002 – vRealize Operations CSRF Bypass
  • VMSA-2023-0003 – VMware Workstation Arbitrary File Deletion


Upcoming Events

 


VMware Explore 2023
Las Vegas, Nevada
August 21-24 2023

That’s right – VMware Explore is heading back to Las Vegas!  Save the Date!


Product Support Watch

The following products are nearing the End of General Support.  You can find the full list on the VMware Lifecycle Product Matrix.

vSphere – vCenter and ESXi

  • General support for versions 6.5 and 6.7 has ended.  You can still upgrade to Version 7

Skyline

  • Skyline Collector 3.1 – 2/10/23 – Free to upgrade – learn how. If you are not using Skyline yet, check it out! This tool is free, easy, and useful.

NSX 

  • NSX-V (all versions) – General Support ended January 16, 2022 – Customers should migrate to NSX-T
  • NSX Advanced Load Balancer 20.1.x – 7/31/23

Disaster Recovery

  • Site Recovery Manager 8.3, 8.4 – 4/1/23
  • vSphere Replication 8.3, 8.4 – 4/1/23

Horizon View / Workspace ONE

  • Horizon 7.13 – 4/30/23
  • Dynamic Environment Manager 10/2103 – 3/23/23
  • Dynamic Environment Manager 10/2106 – 7/15/23
  • App Volumes 4 2013 – 3/23/23
  • Identity Manager 3.3.6 – 7/18/23
  • Workspace ONE UEM Console 2107 (SaaS only) – 2/8/23
  • Workspace ONE UEM Console 2111  – 3/31/23
  • ThinApp 5.x – 7/13/23

vRealize Suite

  • Automation
    • 8.7 – 3/22/23
    • 8.8 – 4/28/23
    • 8.8.1 – 6/9/23
    • 8.8.2 – 7/12/23
  • Orchestrator
    • 8.7 – 3/22/23
    • 8.8 – 4/28/23
    • 8.8.1 – 6/9/23
    • 8.8.2 – 7/12/23
  • Lifecycle Manager
    • 8.7 – 3/22/23
    • 8.8 – 4/28/23

Notes from the Field

Using PowerCLI to prepare new ESX hosts – PowerShell and PowerCLI can be used to automate many things. I was talking to a customer recently and remembered a script I once used to help automate the configuration of hosts. I did not have access to Host Profiles at the time. This script will show just how much PowerCLI can do with a few lines of code – including saving you time!

While you have your eyes on a PowerShell script, learn how a hash table can make it easier to find that needle in a haystack.

KB 90203 – Provides a reference for VMware Tools Guest Operating System compatibility.  As operating systems move to unsupported lifecycle by their manufacturer – they move to legacy status for VMware Tools.  This means newer versions of VMware Tools will not support that OS.

Validating that Oracle RAC can use vMotion – Oracle workloads running RAC with VMware Change Block Tracking enabled can indeed use vMotion.

Security Hardening Enhancements in vSphere 8 – Learn how ESXi shell account access is being changed to tighten security in ESXi.


Disclaimer

The content and opinions on this site belong to me - not my employer.

You are welcome to use any ideas or code from this site. You have the responsibility to test these before using in a production environment.
