vToolbelt – February 2023
Let’s talk Ransomware
I am sure most everyone has heard about the latest ransomware attack called “ESXiArgs”. If you haven’t, two sites I follow have coverage [BleepingComputer and HackerNews]. Ransomware uses a software exploit to gain access to a system and block access to that system until a sum of money is paid. There are instances where this exploit is unknown (also known as a Zero Day exploit). In the case of ESXiArgs, the attackers are targeting an exploit found in OpenSLP. A patch for this issue was released in February 2022 via VMSA 2019-0022. That date is not a typo – the patch has been available for about a year.
Please take a moment and review the VMSA above to ensure you have applied the patch. If you cannot patch immediately, KB 76372 has steps on disabling the OpenSLP service on your ESXi hosts until you are able to find a patch window.
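To see which hosts still have OpenSLP active before you pick a patch window, here is an added PowerCLI example (not taken from KB 76372 or from VMware). It assumes an existing `Connect-VIServer` session and that the service key is `slpd` and the firewall rule is named `CIM SLP` on your build; `Get-SlpStatus` and `Disable-Slp` are hypothetical helper names.

```powershell
# Added example: audit and optionally disable OpenSLP (slpd) on ESXi hosts.
# Assumes VMware PowerCLI is loaded and Connect-VIServer has already been run.
function Get-SlpStatus {
    # One row per reachable host: is slpd running, will it start at boot,
    # and is the SLP firewall rule open?
    $esxHosts = Get-VMHost | Where-Object ConnectionState -in 'Connected', 'Maintenance'
    foreach ($esx in $esxHosts) {
        $svc = Get-VMHostService -VMHost $esx | Where-Object Key -eq 'slpd'
        $fw  = Get-VMHostFirewallException -VMHost $esx -Name 'CIM SLP' -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Host         = $esx.Name
            Version      = "$($esx.Version) build $($esx.Build)"
            SlpdRunning  = [bool]$svc.Running
            SlpdPolicy   = $svc.Policy
            FirewallOpen = [bool]$fw.Enabled
        }
    }
}

function Disable-Slp {
    # Stops slpd, sets its startup policy to Off and closes the firewall rule.
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory, ValueFromPipeline)] $VMHost)
    process {
        $svc = Get-VMHostService -VMHost $VMHost | Where-Object Key -eq 'slpd'
        if (-not $svc) {
            Write-Warning "$($VMHost.Name): slpd service not found"
            return
        }
        if ($PSCmdlet.ShouldProcess($VMHost.Name, 'Stop and disable slpd')) {
            if ($svc.Running) {
                Stop-VMHostService -HostService $svc -Confirm:$false | Out-Null
            }
            Set-VMHostService -HostService $svc -Policy Off | Out-Null
            Get-VMHostFirewallException -VMHost $VMHost -Name 'CIM SLP' |
                Set-VMHostFirewallException -Enabled $false | Out-Null
        }
    }
}

# Report first; remediation is commented out so nothing changes by default.
Get-SlpStatus | Format-Table -AutoSize
# Get-VMHost | Disable-Slp -WhatIf    # preview, then remove -WhatIf to apply
```

Run `Get-SlpStatus` again after remediation and after any host reboot to confirm the service stayed off.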
Protecting against Ransomware
VMware does maintain a site with resources that can help organizations defend against these attacks – https://core.vmware.com/ransomware. This site contains links on how to design for security, as well as other best practices. Just a few of the top ideas you will read about are:
- Authentication
- Do not use a “daily driver” account to manage your environment. The username and password you use to log in to your local computer should be different from the ones you use to manage vSphere.
- Use different passwords for [email protected] and ESXi host root accounts
- Management Separation
- This can take many forms, as outlined on the site, but the basic idea is to keep access to the management interfaces on a network with restricted access.
- Backups
- Verify your backups are working and perform test restores
- Backup critical systems more often to reduce the amount of potential data loss
- Use immutable backup storage when possible
- VMSA-2023-0001 – Log Insight Directory Traversal
- VMSA-2023-0002 – vRealize Operations CSRF Bypass
- VMSA-2023-0003 – VMware Workstation Arbitrary File Deletion
Upcoming Events
VMware Explore 2023
Las Vegas, Nevada
August 21-24 2023
That’s right – VMware Explore is heading back to Las Vegas! Save the Date!
Product Support Watch
The following products are nearing the End of General Support. You can find the full list on the VMware Lifecycle Product Matrix.
vSphere – vCenter and ESXi
- General support for versions 6.5 and 6.7 has ended. You can still upgrade to Version 7.
Skyline
- Skyline Collector 3.1 – 2/10/23 – Free to upgrade – learn how. If you are not using Skyline yet, check it out! This tool is free, easy, and useful.
NSX
- NSX-V (all versions) – General Support ended January 16, 2022 – Customers should migrate to NSX-T
- NSX Advanced Load Balancer 20.1.x – 7/31/23
Disaster Recovery
- Site Recovery Manager 8.3, 8.4 – 4/1/23
- vSphere Replication 8.3, 8.4 – 4/1/23
Horizon View / Workspace ONE
- Horizon 7.13 – 4/30/23
- Dynamic Environment Manager 10/2103 – 3/23/23
- Dynamic Environment Manager 10/2106 – 7/15/23
- App Volumes 4 2013 – 3/23/23
- Identity Manager 3.3.6 – 7/18/23
- Workspace ONE UEM Console 2107 (SaaS only) – 2/8/23
- Workspace ONE UEM Console 2111 – 3/31/23
- ThinApp 5.x – 7/13/23
vRealize Suite
- Automation
- 8.7 – 3/22/23
- 8.8 – 4/28/23
- 8.8.1 – 6/9/23
- 8.8.2 – 7/12/23
- Orchestrator
- 8.7 – 3/22/23
- 8.8 – 4/28/23
- 8.8.1 – 6/9/23
- 8.8.2 – 7/12/23
- Lifecycle Manager
- 8.7 – 3/22/23
- 8.8 – 4/28/23
Notes from the Field
Using PowerCLI to prepare new ESX hosts – PowerShell and PowerCLI can be used to automate many things. I was talking to a customer recently and remembered a script I once used to help automate the configuration of hosts. I did not have access to Host Profiles at the time. This script will show just how much PowerCLI can do with a few lines of code – including saving you time!
While you have your eyes on a PowerShell script, learn how a hash table can make it easier to find that needle in a haystack.
KB 90203 – Provides a reference for VMware Tools Guest Operating System compatibility. As operating systems move to unsupported lifecycle by their manufacturer – they move to legacy status for VMware Tools. This means newer versions of VMware Tools will not support that OS.
Validating that Oracle RAC can use vMotion – Oracle workloads running RAC with VMware Change Block Tracking enabled can indeed use vMotion.
Security Hardening Enhancements in vSphere 8 – Learn how ESXi shell account access is being changed to tighten security in ESXi.