Who allow their bare-metal hypervisor to connect directly to the internet without a firewall in between?
Also - who portforwards port 22 (or any VCenter port) directly to the Internet?
Put a firewall and VPN in between!
Two strains of ransomware have recently been updated to target VMware’s ESXi hypervisor and encrypt virtual machine files, says security vendor CrowdStrike. Neither attack has found a way into ESXi itself, which is welcome news as a successful attack on the type-one hypervisor would mean hosts could be compromised. Instead, …
I take it you’ve never hacked before?
There is a distinction between security and functionality
You can make things so secure they are no longer functional, vice versa is true also, its so functional and convenient its a security risk.
Which do you think most companies will pick?
Convenience, or security?
Some people cant go a week without destroying their mobile phone like the clumsy and inattentive cunts they are, so explaining the risks to them that opening random junk mail items without understanding why its in the spam folder to begin with is a wasted effort
Meanwhile, the CEO is having their 7th holiday this year
This is why best practice is to use an admin VM/device to do your admin stuff, not your "normal" daily driver device.
2nd, you don't have an email account configured on the admin device and your admin user doesn't have an email license attached to it either.
Its *REALLY* not that hard to do this, day in, day out, yet I'm sure someone will be along shortly to bemoan the "hassle" or needing to sign into another session to "do admin" to something.
Biting the hand that feeds IT © 1998–2022