Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the rss-post-importer domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /home1/yelofcom/public_html/wp-includes/functions.php on line 6121

Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the graphene domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /home1/yelofcom/public_html/wp-includes/functions.php on line 6121
security configuration – Mike Foley

Tag: security configuration

vSphere 6.5 Security Configuration Guide now available

Announcing the GA release of the vSphere Security Configuration Guide!

Rename

As I mentioned in my previous blog post where I announced the availability of the Security Configuration Guide (SCG) Release Candidate, the term “Hardening Guide” will no longer be used starting with vSphere 6.5.  Only an increasingly small subset of the settings are truly “hardening”.  It’s mostly about configuration and auditing of settings.

Review, Change, Repeat

One of the things I always heard from customers over the years is “Why can’t you ship things secure out of the box”. While we are moving in that direction for those settings we can set, one thing to note is that 65% of today’s guide contain settings that VMware can not set for you or settings that we have already set that should be audited to check to see if the default value has been changed.

Every release we (myself and engineers) review all the settings and “clean house”. Everything is questioned. I started this review process for the 6.0 release and quite frankly, it upset a few apple carts. The guide at that time had grown like a set of firewall rules. As the guide grew over the years, nobody wanted to change anything because they didn’t know what the fallout would be. In my opinion, that is NOT a way to run your security operations. Security in this era DEMANDS that you always question the status quo.

To learn more about the changes in 6.0, I highly recommend you read this blog and the blogs it references. (1st & 2nd)

Because of this review process, we are making great progress towards shipping  “secure by default” and that effort will  be ongoing .

Continue reading