vSphere 8 Security Enhancements

Many of our customers have done vulnerability assessments (VA) on vSphere ESXi, and these often highlighted vulnerable items such as SHA1 and TLS 1.0. Some of these, such as SHA1 and MD5, were present but not in use, and we could not manually remove them. Others, such as TLS 1.1 and 1.0, were there to support lower versions. With vSphere 8, the security enhancements remove unwanted security bundles and support only secure transport connections via TLS 1.2. On top of that, daemons now run in their own sandboxes instead of in the hypervisor world, where they needed higher permissions that were unnecessary and prone to vulnerability attacks. Also new for security is a timeout for the SSH shell when it is enabled on an ESXi host. Administrators will therefore no longer leave the SSH shell connected indefinitely or, even worse, forget to disconnect and log out of the endpoint from which they are connected to the ESXi shell. Lastly, if your hardware used for ...