Index
A
- acceptable risk / Introduction
- Access Control Lists (ACLs) / Understanding defense-in-depth
- Active Directory (AD) / Introduction
- Active Directory integration
- configuring / Configuring Active Directory integration, How to do it…, How it works…
- Active Directory users
- Active Directory Users and Computers (ADUC) / Managing Active Directory users and groups
- administrative access options
- configuring / Configuring administrative access options, How to do it…, How it works…
- administrative roles
- assigning / Assigning administrative roles, How to do it…, How it works…
- Advanced Encryption Standard (AES) / Security concepts
- asymmetric encryption / Security concepts
- authentication, SSL VPN-Plus
- configuring / Configuring authentication
- Authentication Header (AH) / Network vulnerabilities
C
- CA
- about / Introduction
- CA Certificate / How to do it…
- categories, network threats
- denial of service attack / Network threats
- man-in-the-middle attack / Network threats
- hijacking / Network threats
- sniffing / Network threats
- Trojans / Network threats
- IP spoofing / Network threats
- Certificate Authority (CA) / Security concepts
- certificates
- about / Security concepts
- digital certificates (X.509 certificates) / Security concepts
- managing / Managing certificates and revocation lists, How to do it…, How it works…
- requesting, from Windows CA / Requesting certificates from a Windows CA, How to do it…, How it works…
- Certificate Signing Request (CSR) / How it works…
- Challenge Handshake Authentication Protocol (CHAP) / Storage threats, Configuring iSCSI security
- Cipher
- references / References
- community port type, secondary PVLANs / How it works…
- components, vShield Data Security policies
- regulations and standards to detect / Configuring the vShield Data Security policies
- areas to exclude / Configuring the vShield Data Security policies
- files to scan / Configuring the vShield Data Security policies
- Core Infrastructure Suite (CIS) / Getting ready, Getting ready
- Cost, risk / Risk overview
- CRL / How to do it…
- cryptography
- symmetric encryption / Security concepts
- asymmetric encryption / Security concepts
- current Status / How it works…
- custom expressions
- URL / How it works…
D
- data classifications
- about / Security concepts
- PII / Security concepts
- PHI / Security concepts
- data digest
- configuring / Configuring Header and Data Digest, Getting ready, How to do it…, How it works…, There's more…
- options / How it works…
- Fibre Channel security, configuring / Configuring the Fibre Channel security, See also
- Data Loss Prevention (DLP) / Introduction
- default roles, vCenter / Assigning administrative roles
- defense-in-depth model
- about / Understanding defense-in-depth
- layers / Understanding defense-in-depth
- Physical Security layer / Understanding defense-in-depth
- traditional host layer / Understanding defense-in-depth
- data layer / Understanding defense-in-depth
- application layer / Understanding defense-in-depth
- network layer / Understanding defense-in-depth
- Demilitarized Zone (DMZ) / Firewalls
- Denial of Service (DoS) / Configuring virtual machine resource isolation
- Destination NAT (DNAT) / Managing NAT rules and static routes
- disk format configuration, options
- Thick Provisioned Lazy Zeroed / How it works…
- Thick Provisioned Eager Zeroed / How it works…
- Thin Provision / How it works…
- Distributed Resource Scheduler (DRS) / Introduction
- distributed vSwitch Security options
- DMZ
- about / Creating DMZ networks
- DMZ networks
- creating / Creating DMZ networks, How to do it…, How it works…
- DNS / How to do it…
- DNS Servers / How it works…
E
- encryption
- references / References
- Enhanced Security Configuration (ESC) / How it works…
- error codes
- URL / How to do it…
- ESXi console
- host, hardening via / Hardening the host via Console, How to do it…, There's more
- ESXi host certificate
- installing / Installing an ESXi host certificate, How to do it…, How it works…
- Exclusion List / How it works…
- executive mode / How to do it…
- External Switch Tagging (EST) / Configuring VLANs
F
- Fail Safe Mode / Configuring vShield App using the Web Console
- Fail Safe Policy / How it works…
- Fault Tolerance (FT) / Introduction
- Fibre Channel security
- configuring / Configuring the Fibre Channel security, See also
- fibre channel technologies
- URL / See also
- firewall rules
- managing / Managing firewall rules, How to do it…, How it works…
- configuring, for VXLAN virtual wires / Configuring firewall rules for VXLAN virtual wires, Getting started, How to do it…, How it works…
- Fully Qualified Domain Name (FQDN) / How it works…
G
- Graphical User Interface (GUI) / Introduction
- groups
- guest OS
- securing / Securing the guest OS, Getting ready
- Windows 7 guest OS security, configuring / Configuring the Windows 7 guest OS security, How to do it…
- working / How it works…
- guest virtual machine
- hardening / Guest virtual machine hardening, How to do it…
- unnecessary virtual hardware, removing / Remove unnecessary virtual hardware
- unexposed features / Unexposed features
- data, restricting between host and guest / Restricting data between the host and guest
- no guest access role, creating / Restricting commands
- guest OS writes, limiting to host memory / Limiting the guest OS writes to the host memory
- working / How it works…, See also
- guest virtual machine threats / Guest virtual machine threats
- guest virtual machine vulnerabilities
- about / Guest virtual machine vulnerabilities
- for kernel-mode driver in Windows 7 / Guest virtual machine vulnerabilities
H
- HA / How to do it…
- header digest
- configuring / Configuring Header and Data Digest, How to do it…, How it works…
- options / How it works…
- Health Insurance Portability and Accountability Act (HIPAA) / How it works…
- URL / Introduction
- High Availability (HA) / Introduction, How it works…
- host
- hardening, via ESXi console / Hardening the host via Console, How to do it…, There's more
- hardening, via vSphere Client / Hardening the host via vSphere Client, How to do it…, How it works…
- Host Bus Adapter (HBA) / Configuring the Fibre Channel security
- host firewall
- configuring / Configuring the host firewall, How to do it…, How it works…, There's more
- Trusted Platform Module (TPM) encryption / TPM encryption
- references / See also
- host services
- configuring / Configuring host services, How to do it…, How it works…
- Human Resources (HR) / Restricting commands
- hypervisor threats
- about / Hypervisor threats
- hypervisor vulnerabilities
- about / Hypervisor vulnerabilities
I
- installation package, SSL VPN-Plus
- configuring / Configuring an installation package
- Internet Control Message Protocol (ICMP) / Testing VXLAN virtual wires
- Internet Group Management Protocol (IGMP) / Getting started
- Inventory Service certificate
- registering / Registering the Inventory Service certificate, How to do it…, How it works…
- IP pool, SSL VPN-Plus
- configuring / Configuring the IP pool
- IPSEC
- about / Security concepts
- IP Security (IPSEC) / Configuring network isolation
- IPSEC VPN
- references / References
- IPSec VPN service
- managing / Managing the IPSec VPN service, How to do it…
- working / How it works…
- IP spoofing
- about / Network threats
- IP Spoofing
- URL / References
- iSCSI security
- configuring / Configuring iSCSI security, How to do it…, How it works…
- authentication options / How it works…
- isolated port type, secondary PVLANs / How it works…
K
- Keyboard, Video, Mouse (KVM) interface / Configuring administrative access options
- Knowledge Base (KB) article / There's more…
L
- Lightweight Directory Access Protocol (LDAP) / Configuring authentication, How it works…
- Link Aggregation Control Protocol (LACP) / How it works…
- Link Aggregation Groups (LAGs) / How it works…
- load-balancing service
- configuring / Configuring the load-balancing service, How to do it…, How it works…
- load balancing methods
- IP_HASH / How it works…
- LEAST_CONN / How it works…
- URI / How it works…
- Log Browser certificate
- registering / Registering the Log Browser certificate, How to do it…, How it works…
- Logical Unit Numbers (LUNs) / Configuring the Fibre Channel security
M
- man-in-the-middle attack
- about / Network threats
- Man-in-the-middle attack
- URL / References
- Maximum Transmission Unit (MTU) / Getting started
N
- NAT / Introduction
- National Vulnerability Database
- examples / Network vulnerabilities
- URL / Network vulnerabilities, Storage vulnerabilities, References
- NAT rules
- managing / Managing NAT rules and static routes, Getting ready, How to do it…
- working / How it works…
- Network-attached storage (NAS) / Storage threats
- network attached storage (NAS) / Introduction
- network isolation
- configuring / Configuring network isolation, How to do it…, How it works…
- Network Level Authentication (NLA) / How to do it…
- network threats
- about / Network threats
- Network Time Protocol (NTP) / Network threats
- Network Virtualization Platform (NSX) / Hypervisor threats
- network vulnerabilities
- about / Network vulnerabilities
- NTP Server / How it works…
O
- OpenFlow / Introduction
- operating system (OS) / Guest virtual machine threats
- Organizational Unit (OU) / How it works…
P
- Payment Card Industry (PCI) / How it works…
- Payment Card Industry Data Security Standard (PCI-DSS)
- URL / Introduction
- permissions
- assigning / Assigning permissions, How to do it…, How it works…
- Personally Identifiable Information (PII) / Restricting commands
- PHI
- about / Security concepts
- references / References
- physical threats
- about / Physical threats
- physical vulnerabilities
- about / Physical vulnerabilities
- PII
- about / Security concepts
- references / References
- PKI
- references / References
- URL / Introduction
- port group security
- configuring / Configuring the port group security, How to do it…, How it works…
- PowerCLI / There's more
- primary PVLAN / Configuring PVLANs
- private networks, SSL VPN-Plus
- configuring / Configuring private networks
- private VLANs ( PVLANs)
- about / Configuring PVLANs
- primary PVLAN / Configuring PVLANs
- secondary PVLAN / Configuring PVLANs
- configuring / Getting ready, How to do it…, How it works…
- URL / See also
- process certificates
- requesting / Process certificate requests, How to do it…, How it works…
- promiscuous port type, secondary PVLANs / How it works…
- Public Key Cryptography Standard (PKCS) / How it works…
- Public Key Infrastructure (PKI) / Security concepts
R
- Remote Desktop Protocol (RDP) / Configuring administrative access options
- Remote Server Administration Tools (RSAT) / Getting ready
- revocation lists
- risk
- overview / Risk overview
- URL / Risk overview
- Threat component / Risk overview
- Vulnerability component / Risk overview
- defense-in-depth model / Understanding defense-in-depth
- risk management
- about / Introduction
- URL / Risk overview
- roles
- configuring / Configuring user accounts and roles, How to do it…, How it works…
- Auditor / How it works…
- Security Administrator / How it works…
- vShield Administrator / How it works…
- Enterprise Administrator / How it works…
S
- SAN fabric
- URL / See also
- SAN Small Form-Factor Pluggable (SFPs) / Configuring the Fibre Channel security
- secondary PVLANs
- about / Configuring PVLANs
- types / How it works…
- secondary PVLANs, types
- promiscuous / How it works…
- community / How it works…
- isolated / How it works…
- Security Compliance Manager
- URL / See also
- Security Compliance Manager (SCM)
- about / How it works…
- security concepts
- about / Security concepts
- data classifications / Security concepts
- cryptography / Security concepts
- certificates / Security concepts
- VPN / Security concepts
- references / References
- security token service (STS) / How it works…
- service groups
- configuring / Configuring services and service groups, How to do it…, How it works…
- services
- configuring / Configuring services and service groups, How to do it…, How it works…
- Single Points of Failure (SPoF) / Introduction
- Single Sign-On
- configuring / Configuring Single Sign-On, How to do it…
- Single Sign-On certificate
- registering / Registering the Single Sign-On certificate, Getting started, How to do it…
- Single Sign-On users
- managing, with vSphere Web Client / Managing Single Sign-On users with vSphere Web Client, Getting ready, How to do it…, How it works…
- snapshots
- managing / Managing snapshots, How to do it...
- working / How it works...
- references / See also
- sniffing process / Network threats
- Social Security Number (SSN) / Security concepts, Configuring the vShield Data Security policies
- Software Defined Networking (SDN) / Introduction
- Software Designed Data Center (SDDC) / Hypervisor threats
- Source NAT (SNAT) / Managing NAT rules and static routes
- SSL Certificate Automation Tool 5.5
- about / Using SSL Certificate Automation Tool 5.5
- using / Getting started
- installing / How to do it…
- URL / How to do it…
- working / How it works…, There's more…
- SSL Security
- configuring, for web manager / Configuring SSL Security for Web Manager, How to do it…, How it works…
- SSL VPN
- references / References
- SSL VPN-Plus
- managing / Managing SSL VPN-Plus, How to do it…
- IP pool, configuring / Configuring the IP pool
- private networks, configuring / Configuring private networks
- authentication, configuring / Configuring authentication
- installation package, configuring / Configuring an installation package
- working / How it works…
- server settings / How it works…
- IP Pool / How it works…
- private networks / How it works…
- authentication / How it works…
- installation package / How it works…
- client configuration / How it works…
- standard image templates
- configuring / Configuring the standard image templates, How to do it..., How it works...
- standard vSwitch security
- configuring / Configuring Standard vSwitch security, How to do it…
- working / How it works…
- static routes
- managing / Managing NAT rules and static routes, How to do it…
- working / How it works…
- storage area network (SAN) / Introduction
- storage area networks (SAN) / Risk overview, Storage threats
- storage threats
- about / Storage threats
- Storage vMotion / Introduction
- storage vulnerabilities
- about / Storage vulnerabilities
- examples / Storage vulnerabilities
- symmetric encryption / Security concepts
- Syslog servers / How to do it…
T
- Thick Provisioned Eager Zeroed option / How it works…
- Thick Provisioned Lazy Zeroed option / How it works…
- Thin Provision option / How it works…
- Threat component, risk / Risk overview
- Trojans / Network threats
- Trusted Execution Technology (TXT) / TPM encryption
- Trusted Platform Module (TPM) / TPM encryption
U
- Universal Principal Name (UPN) format / How to do it…
- Update Manager certificate
- registering / Registering the Update Manager certificate, How to do it…, How it works…
- user accounts
- configuring / Configuring user accounts and roles, How to do it…, How it works…
- user mode / How to do it…
V
- vCenter
- vShield licensing, adding to / Adding vShield licensing to vCenter, How to do it…, How it works…
- vCenter certificate
- registering / Registering the vCenter certificate, How to do it…, How it works…
- vCenter server
- URL / Getting ready
- vCenter Server / How it works…
- vCenter Single Sign-On
- configuring / Configuring vCenter Single Sign-On, How to do it…, How it works…
- URL / Configuring vCenter Single Sign-On
- vCloud Networking and Security (vCNS) / Getting ready, Getting ready
- Virtual Guest Tagging (VGT) / Configuring VLANs
- virtual machine
- connecting, to VXLAN virtual wire / Connecting a virtual machine to a VXLAN virtual wire
- virtual machine (VM) network type / Configuring the port group security
- virtual machine (VM) threats / Guest virtual machine threats
- virtual machine resource isolation
- configuring / Configuring virtual machine resource isolation, How to do it…, How it works…
- virtual network cards (vNIC) / Managing interfaces
- Virtual Network Computing (VNC) / Configuring administrative access options
- Virtual Private Network (VPN) / Introduction
- Virtual Router Redundancy Protocol (VRRP) / Network vulnerabilities
- Virtual Switch Tagging (VST) / Configuring VLANs, Providing Distributed vSwitch security options
- VLANs
- about / Configuring VLANs
- configuring / Configuring VLANs, How to do it…, How it works…
- types / Configuring VLANs
- VLANs, types
- External Switch Tagging (EST) / Configuring VLANs
- Virtual Switch Tagging (VST) / Configuring VLANs
- Virtual Guest Tagging (VGT) / Configuring VLANs
- VM
- about / Introduction
- VMkernel Network Adapter / How it works…
- VPN
- about / Security concepts
- VPN tunnels
- IPSEC / Security concepts
- SSL / Security concepts
- vShield
- components / Introduction
- vShield App
- about / Introduction
- installing / Installing vShield App, How to do it…
- configuring / Configuring vShield App using the Web Console, How to do it…, How it works…
- vShield App Firewall
- configuring / Configuring vShield App Firewall, How to do it…, How it works…
- vShield App Flow Monitoring
- about / Configuring vShield App Flow Monitoring
- configuring / Getting ready, How to do it…, How it works…
- vShield App SpoofGuard
- about / Configuring vShield App SpoofGuard
- configuring / How to do it…, How it works…
- vShield Data Security
- installing / Installing vShield Data Security, How to do it…, How it works…
- policies, configuring / Configuring the vShield Data Security policies
- reports, managing / Managing vShield Data Security reports
- vShield Data Security policies
- vShield Data Security reports
- managing / Getting ready, How to do it…, How it works…
- vShield Edge
- installing / Installing vShield Edge, Getting ready, How to do it…
- appliance, configuring / Configuring the Edge appliance
- interfaces, configuring / Configuring Edge interfaces
- working / How it works…
- VXLAN virtual wire, connecting to / Connecting a VXLAN virtual wire to vShield Edge
- vShield Edge appliance
- configuring / Configuring the Edge appliance
- managing / Managing appliances, How to do it…
- working / How it works…
- vShield Edge instances
- compact / How it works…
- large / How it works…
- extra large / How it works…
- vShield Edge interfaces
- configuring / Configuring Edge interfaces
- managing / Managing interfaces, How to do it…
- working / How it works…
- vShield Endpoint
- about / Introduction
- URL / Introduction
- installing / Installing vShield Endpoint, How to do it…, How it works…
- configuring / Configuring vShield Endpoint using an antivirus, Getting started, How to do it…, How it works…
- vShield licensing
- adding, to vCenter / Adding vShield licensing to vCenter, How to do it…, How it works…
- vShield Manager
- about / Introduction
- conditions / Getting ready
- vShield Manager OVA
- installing / Installing vShield Manager OVA, How to do it…, How it works…
- URL / How to do it…
- vShield Manager settings
- configuring / Configuring vShield Manager settings, Getting ready, How to do it…, How it works…
- vShield Manager settings configuration
- steps / How to do it…
- DNS Servers / How it works…
- NTP Server / How it works…
- vCenter Server / How it works…
- vSphere 5.5 download file
- URL / Getting ready
- vSphere 5.5 Hardening Guide
- URL / See also
- vSphere 5.5 hardening guide
- URL / See also
- vSphere 5.5, options
- Data Encipherment / How it works…
- Nonrepudiation / How it works…
- Client Authentication / How it works…
- vSphere Client
- host, hardening via / Hardening the host via vSphere Client, How to do it…, How it works…
- URL / Getting ready, Getting ready
- vSphere Web Client
- URL / How to do it…
- used, for managing Single Sign-On users / Managing Single Sign-On users with vSphere Web Client, Getting ready, How to do it…, How it works…
- Vulnerability component, risk / Risk overview
- vulnerability database resources
- references / References, There's more
- VXLAN virtual wires
- prerequisites, configuring / Prerequisites for configuring VXLAN virtual wires, How to do it…, Ensuring DHCP availability, Setting a multicast address range and segment ID pool, Setting up network connectivity for VXLAN traffic, Verifying the distributed switch MTU setting, How it works…
- configuring / Configuring VXLAN virtual wires, Adding a VXLAN virtual wire, Connecting a VXLAN virtual wire to vShield Edge, Enabling services for the VXLAN virtual wire, Connecting a virtual machine to a VXLAN virtual wire, How it works…
- VXLAN network scope, adding / Adding a VXLAN network scope, How it works…
- adding / Adding a VXLAN virtual wire, How it works…
- connecting, to vShield Edge / Connecting a VXLAN virtual wire to vShield Edge, How it works…
- services, enabling for / Enabling services for the VXLAN virtual wire, How it works…
- virtual machine, connecting to / Connecting a virtual machine to a VXLAN virtual wire, How it works…
- testing / Testing VXLAN virtual wires, How to do it…, How it works…
- firewall rules, configuring / Configuring firewall rules for VXLAN virtual wires, Getting started, How to do it…, How it works…
- VXLAN virtual wires prerequisites
- VXLAN virtual wires prerequisites, configuring
- Managed IP address of vCenter, setting / Ensuring the Managed IP address of vCenter is set
- DHCP availability, ensuring / Ensuring DHCP availability
- multicast address range, setting / Setting a multicast address range and segment ID pool
- segment ID pool, setting / Setting a multicast address range and segment ID pool
- network connectivity for VXLAN traffic, setting up / Setting up network connectivity for VXLAN traffic
- distributed switch MTU setting, verifying / Verifying the distributed switch MTU setting
W
- Web Client certificate
- registering / Registering the Web Client certificate, How to do it…, How it works…
- web manager
- SSL Security, configuring for / Configuring SSL Security for Web Manager, How to do it…, How it works…
- Windows 2008
- installing, prerequisites / Getting started
- Windows CA
- certificates, requesting from / Requesting certificates from a Windows CA, How to do it…, How it works…
- Windows CA template
- configuring / Configuring a Windows CA template, How to do it…
- Windows Server 2008R2 guest OS security
- configuring / Configuring the Windows Server 2008 R2 guest OS security, How to do it…, How it works…
- antivirus / Virtual machine antivirus
- firewalls / Firewalls
- World Wide Names (WWNs) / Configuring the Fibre Channel security
- WWN zoning
- URL / See also