-1

I have a VMware host with a 2012 server in it. Recently in vSphere I have seen a lot of attempts. Smells like a brute force. I understand that Security.AccountUnlockTime exists in ESXi 6.0, which has a lockout period (120 seconds).

But that doesn't seem to be enough to keep the brute force away. How can I remedy this?

LArcenCiel
  • 101
  • 1

2 Answers

6

Put the VMkernel interface behind a VPN or at the very least a firewall so you can limit what IP addresses can connect to it.

EEAA
  • 109,363
  • 18
  • 175
  • 245
3

For ESXi

In the ESXi vSphere Client, you can restrict access to authorized IPs.

In the ESXi server main panel > Configuration > Software > Firewall > Incoming connections

You need to restrict mainly:

  • vSphere Client
  • SSH (if you enabled it)
  • vSphere Web Access

But, like me, you can restrict all except:

  • DHCP client (if you use DHCP for the ESXi IP)
  • DHCPv6 (if you use DHCPv6 for ESXi)
  • DNS Client (if you need the DNS client for ESXi)

For Windows 2012

In your Windows 2012, go to Control Panel > System and Security > Windows Firewall > Advanced Settings

Add new inbound rules for TCP port 3389.

Then, in the Scope tab, limit the IP addresses by adding the IPs you want.

Froggiz
  • 3,043
  • 1
  • 19
  • 30
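
The ESXi firewall restriction described in the answer above can also be applied from the ESXi shell with `esxcli`. This is an added example, not part of the original answer; the ruleset IDs (`sshServer`, `vSphereClient`, `webAccess`) and the admin addresses are assumptions to check against your own host before use.

```shell
#!/bin/sh
# Added example (not from the original answer): scope ESXi management
# firewall rulesets to an admin allow list. Dry run unless APPLY=1.
# Assumed values: confirm IDs with `esxcli network firewall ruleset list`.
RULESETS="sshServer vSphereClient webAccess"
ALLOWED="192.0.2.0/24 198.51.100.10"   # constructed documentation addresses

# IPv4 only: dotted quad with optional /0-32 prefix; rejects anything else,
# so no stray shell syntax can reach the generated commands.
valid_ipv4() {
    case $1 in
        */*) prefix=${1#*/}
             case $prefix in ''|???*|*[!0-9]*) return 1 ;; esac
             [ "$prefix" -le 32 ] || return 1 ;;
    esac
    addr=${1%%/*}
    case $addr in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print the esxcli commands; refuse an empty or malformed allow list,
# which would otherwise block every client of the ruleset.
plan() {
    count=0
    for ip in $ALLOWED; do
        valid_ipv4 "$ip" || { echo "invalid address: $ip" >&2; return 1; }
        count=$((count + 1))
    done
    [ "$count" -gt 0 ] || { echo "empty allow list, refusing" >&2; return 1; }
    for rs in $RULESETS; do
        echo "esxcli network firewall ruleset set --ruleset-id=$rs --allowed-all=false"
        for ip in $ALLOWED; do
            echo "esxcli network firewall ruleset allowedip add --ruleset-id=$rs --ip-address=$ip"
        done
    done
    echo "esxcli network firewall ruleset allowedip list"
}

if [ "${APPLY:-0}" = 1 ]; then
    cmds=$(plan) || exit 1
    printf '%s\n' "$cmds" | sh -e
else
    plan
fi
```

Make sure the address you administer the host from is in `ALLOWED` before running with `APPLY=1`.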