Harden VMware ESXi security
Improve security using a firewall and proxy server
Aug. 31, 2021 - Willem L. Middelkoop
In response to an incident on a server, I detected a possible security breach. The affected machine ran VMware ESXi, a bare metal hypervisor used to run virtual private servers. In standalone mode, a web based management console offers full control over the infrastructure, posing a risk.
Continue reading![VMware ESXi is a bare metal hypervisor that divides one physical server into multiple virtual servers](/blog/2021-08-31_protecting-vmware-esxi/images/i_00_VMware-ESXi-is-a-bare-metal-hypervisor-that-divides-one-physical-server-into-multiple-virtual-server_500px.png)
![VMware ESXi web interface - inviting you and others to manage this physical machine](/blog/2021-08-31_protecting-vmware-esxi/images/i_01_VMware-ESXi-web-interface-inviting-you-and-others-to-manage-this-physical-machine_500px.png)
![Two proxy servers providing secure access to multiple VMware hosts](/blog/2021-08-31_protecting-vmware-esxi/images/i_04_Two-proxy-servers-providing-secure-access-to-multiple-VMware-hosts_500px.png)
![nginx configuration to authenticate and forward traffic to a VMware administrative console](/blog/2021-08-31_protecting-vmware-esxi/images/i_05_nginx-configuration-to-authenticate-and-forward-traffic-to-a-VMware-administrative-console_500px.png)
![Pre-authenticate traffic to the administrative console through a small and simple Debian GNU/Linux server with nginx proxy](/blog/2021-08-31_protecting-vmware-esxi/images/i_03_Pre-authenticate-traffic-to-the-administrative-console-through-a-small-and-simple-Debian-GNU-Linux-s_500px.png)
![Finding exposed VMware ESXi web interfaces requires nothing but some Google skills](/blog/2021-08-31_protecting-vmware-esxi/images/i_02_Finding-exposed-VMware-ESXi-web-interfaces-requires-nothing-but-some-Google-skills_500px.png)