
Configure network security policies
Standard and distributed virtual switches (described in Chapter 2, Configure and Administer vSphere 6.x Networking) both have specific security policies:
- Promiscuous mode: Permits a virtual NIC to capture all frames on the virtual switch portgroup, which is a risk to the confidentiality of the data.
- MAC address changes: Lets the guest OS change the MAC address of the virtual NIC, which can be used in a spoofing attack.
- Forged transmits: Controls whether the virtual switch allows outgoing frames whose source MAC address is different from the one currently set in the VMX file.
By default, distributed virtual switches reject all three of the previous policies. Standard virtual switches reject only promiscuous mode by default; to change the settings on a standard switch, use the vSphere Web Client: select the Configure tab on the desired host, and then the Virtual switches menu. Then, select the desired virtual switch, click the Edit settings icon, and choose the Security menu.

For more information, see the vSphere 6.5 Security Guide (https://docs.vmware.com/en/VMware-vSphere/6.5/com.vmware.vsphere.security.doc/GUID-9782B9AA-CB4C-40FF-AD1F-359180545D6E.html).
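
The standard-switch defaults described above can also be checked from the ESXi shell. The following script is an added example, not part of the original text: it parses the output of `esxcli network vswitch standard policy security get` and lists every policy still set to Accept. The sample output and the function names are constructed for illustration, and the layout of the `list` output is an assumption noted in the comments.

```shell
#!/bin/sh
# Added example, not from the original page: report standard vSwitch security
# policies that are set to Accept instead of Reject.

# Constructed sample: output of
#   esxcli network vswitch standard policy security get -v <switch>
# for a standard switch left at the defaults described above.
SAMPLE_DEFAULTS='   Allow Promiscuous: false
   Allow MAC Address Change: true
   Allow Forged Transmits: true'

# Read "Allow <policy>: true|false" lines on stdin and print the name of
# every policy that is accepted (true), one per line.
accepted_policies() {
    awk -F: '
        /^[ \t]*Allow / {
            name = $1; value = $2
            gsub(/^[ \t]+|[ \t]+$/, "", name)
            gsub(/[ \t\r]/, "", value)
            sub(/^Allow /, "", name)
            if (tolower(value) == "true") print name
        }'
}

# Walk every standard vSwitch on the host (ESXi shell only). Assumes the
# indented "Name: <switch>" line that `esxcli network vswitch standard list`
# prints for each switch.
audit_host() {
    esxcli network vswitch standard list |
    awk -F': *' '/^[ \t]+Name:/ { print $2 }' |
    while read -r vs; do
        esxcli network vswitch standard policy security get -v "$vs" |
        accepted_policies |
        while read -r policy; do
            printf '%s: accepts %s\n' "$vs" "$policy"
        done
    done
}

if command -v esxcli >/dev/null 2>&1; then
    audit_host
else
    # No esxcli here: run the parser on the constructed sample instead.
    printf '%s\n' "$SAMPLE_DEFAULTS" | accepted_policies
fi
```

A reported policy can be set to Reject from the same shell, for example `esxcli network vswitch standard policy security set -v vSwitch0 --allow-mac-change=false --allow-forged-transmits=false` (`vSwitch0` is a placeholder name). Port groups can override the switch-level policy, so check them as well.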