VMware VCM 5.3 - TRANSPORT LAYER SECURITY IMPLEMENTATION Guide d'installation Page 17
- Page / 90
- Table des matières
- MARQUE LIVRES
Noté. / 5. Basé sur avis des utilisateurs
Carefully Assigning Accounts
As an enterprise-wide configuration management and compliance tool, VCM can collect, correlate, and
change system data on managed machines throughout the enterprise. VCM can configure security
policies, collect and aggregate confidential information, install software and patches, and generally act as
an administrator interface over an entire network.
VCM is intended for use only by responsible system and network administrators who protect their access
from being subverted for unauthorized uses.
VCM administrators must follow these guidelines:
n
Do not assign entire domain groups to VCM accounts.
n
Set Windows login restrictions and password policies for user accounts that are VCM accounts to values
consistent with administrator accounts.
VCM Application Services Account
Make the VCM Application Services account a domain user account. The VCM Application Services
account must be a domain user because the account has full administrator authority for the CSI_Domain
database.
Do not use the VCM Application Services account for VCM login or for any other purpose.
Personnel Considerations
For your VCM environment to be secure, the personnel who work with VCM must be trusted.
Confidentiality of Collected Data
The results of a VCM collection can contain infrastructure configuration settings, password and credential
policies, encrypted password file entries, and any file uploaded from a managed machine.
VCMusers must protect collected data as confidential information. Even if this data was not guarded as
confidential on the managed machine itself, it might be confidential to the machine users. Without explicit
knowledge about what data is sensitive, VCM users must treat and protect all collection results as
confidential.
CAUTION Do not store collected data on public shares or in directories that are accessible to other
users, including other VCM users, because they might not have collection rights on the machine
from which the data originated.
Vulnerability of Exported Data
VCM supports several ways for personnel to export collected data:
n
Email notifications and alerts
n
Exported or printed grids
n
Exported SRS summary views and reports
n
Service desk work requests
n
Uploaded and exported files
n
Screen snapshots
Domain Infrastructure
VMware, Inc.
17
- Security Guide 1
- Copyright 2
- Contents 3
- Web Server 31 4
- VCM User Interface System 39 4
- Decommissioning 53 5
- Authentication 57 5
- Supplemental References 81 6
- Index 87 6
- About This Book 7
- VCM Security Guide 10
- VMware, Inc 10
- How Personnel Use VCM 11
- Trust Zones 12
- Introduction to VCM Security 13
- Domain Infrastructure 15
- Domain Accounts 16
- Personnel Considerations 17
- VCM Installation Kits 19
- Server Zone Security 21
- Protection Profiles 22
- Physical Security 22
- Disabling Automatic Login 22
- VCM Collector Server 25
- SQL Server 27
- Direct SQL Server Login 28
- Login Accounts for SQL Server 28
- Web Server 31
- Using HTTPS 32
- Web Server Certificates 32
- VCM Agent Systems and Managed 33
- Machines 33
- VCM Agent 34
- Unauthorized Agents 35
- Local Administrator Account 35
- BIOS Password 35
- Disabling Alternative Startup 35
- Maintenance Mode 35
- Trusted Certificate Store 36
- Enterprise Certificate 36
- Trustworthiness of Data 36
- Individual CollectionResults 37
- VCM User Interface System 39
- Access Control 40
- Cross-site Scripting 41
- Trusted Software 42
- Verifying Certificates 42
- Protection of Repositories 46
- Connecting to Repositories 46
- Closing Unnecessary Ports 50
- OS Provisioning Credentials 50
- Decommissioning 53
- Network Authority Accounts 54
- Erasing Server Disks 54
- Erasing Virtual Machines 54
- Authentication 57
- Using Single or Paired Keys 58
- Certificates 58
- Public Key Infrastructure 58
- Trust Chains 58
- How VCM Uses Certificates 59
- Collector Certificate 61
- Agent Certificates 62
- First Contact 63
- Changes to Agent Certificates 63
- Changing Certificates 64
- Replacing Certificates 65
- Installing the Agent 66
- Installing Using Provisioning 67
- Makecert Options 72
- Option Description 73
- Environment Variables 75
- Supplemental References 81
- Export Considerations 83
- VCM Ports 84
- Port Transport Usage 85
Produits connexes et manuels pour Logiciel VMware VCM 5.3 - TRANSPORT LAYER SECURITY IMPLEMENTATION
(150 pages)© 2020, manymanuals.fr. Tous droits réservés | 0.390 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Commentaires sur ces manuels