VMware VCM 5.3 - TRANSPORT LAYER SECURITY IMPLEMENTATION Guide d'installation Page 35
- Page / 90
- Table des matières
- MARQUE LIVRES
Noté. / 5. Basé sur avis des utilisateurs
Use physical (possession, locks) or cryptographic (encrypted file system) means to maintain continuous
control.
Unauthorized Agents
The managed machine administrator must not allow unauthorized Agents to run, even when the Agent is
an authentic one.
An Agent can be installed using an authentic installation kit, but still not be authorized to return data. For
example, it can be a nonadministrator's private Agent. Whenever possible, only one Agent should be
installed per managed machine, and it should be the authorized Agent.
Restricting Access to Machine Configuration
The Agent depends on the integrity of settings in system configuration files, the Windows Registry, and
the UNIX/etc directory. These settings activate the Agent and grant it access to infrastructure services like
networking and domain name services (DNS), as well as access to the data sources and files from which
the Agent collects data. These settings must be protected from unauthorized modification.
Local Administrator Account
Nonadministrator users of a managed machine must not be allowed to log in as the local machine
administrator and bypass access controls. Apply one of the following safeguards:
n
Disable the local administrator account.
n
Set the local administrator account password to a strong, nondefault value.
BIOS Password
Enable and set the BIOS password of a managed machine to a strong, nondefault value.
nonadministrator users of a managed machine must not be allowed access to the BIOS and its ability to
change the system time, enable or disable hardware, or start up into maintenance mode or alternative
operating systems.
Disabling Alternative Startup
In the BIOS, configure the managed machine to start up only from the managed operating system. Do not
present the user with multiple startup operating system options.
nonadministrator users of a managed machine must not be allowed to bypass file system access controls
by starting up into an alternative operating system.
Maintenance Mode
In the BIOS, set the maintenance mode (single-user mode) password of a managed machine to a strong,
nondefault value.
nonadministrator users of a managed machine must not be allowed to bypass file system access controls
by entering maintenance mode.
VCM Agent Systems and Managed Machines
VMware, Inc.
35
- Security Guide 1
- Copyright 2
- Contents 3
- Web Server 31 4
- VCM User Interface System 39 4
- Decommissioning 53 5
- Authentication 57 5
- Supplemental References 81 6
- Index 87 6
- About This Book 7
- VCM Security Guide 10
- VMware, Inc 10
- How Personnel Use VCM 11
- Trust Zones 12
- Introduction to VCM Security 13
- Domain Infrastructure 15
- Domain Accounts 16
- Personnel Considerations 17
- VCM Installation Kits 19
- Server Zone Security 21
- Protection Profiles 22
- Physical Security 22
- Disabling Automatic Login 22
- VCM Collector Server 25
- SQL Server 27
- Direct SQL Server Login 28
- Login Accounts for SQL Server 28
- Web Server 31
- Using HTTPS 32
- Web Server Certificates 32
- VCM Agent Systems and Managed 33
- Machines 33
- VCM Agent 34
- Unauthorized Agents 35
- Local Administrator Account 35
- BIOS Password 35
- Disabling Alternative Startup 35
- Maintenance Mode 35
- Trusted Certificate Store 36
- Enterprise Certificate 36
- Trustworthiness of Data 36
- Individual CollectionResults 37
- VCM User Interface System 39
- Access Control 40
- Cross-site Scripting 41
- Trusted Software 42
- Verifying Certificates 42
- Protection of Repositories 46
- Connecting to Repositories 46
- Closing Unnecessary Ports 50
- OS Provisioning Credentials 50
- Decommissioning 53
- Network Authority Accounts 54
- Erasing Server Disks 54
- Erasing Virtual Machines 54
- Authentication 57
- Using Single or Paired Keys 58
- Certificates 58
- Public Key Infrastructure 58
- Trust Chains 58
- How VCM Uses Certificates 59
- Collector Certificate 61
- Agent Certificates 62
- First Contact 63
- Changes to Agent Certificates 63
- Changing Certificates 64
- Replacing Certificates 65
- Installing the Agent 66
- Installing Using Provisioning 67
- Makecert Options 72
- Option Description 73
- Environment Variables 75
- Supplemental References 81
- Export Considerations 83
- VCM Ports 84
- Port Transport Usage 85
Produits connexes et manuels pour Logiciel VMware VCM 5.3 - TRANSPORT LAYER SECURITY IMPLEMENTATION
(150 pages)© 2020, manymanuals.fr. Tous droits réservés | 2.613 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Commentaires sur ces manuels