There is a new ESXi security whitepaper which has been released by VMware. The Author is Mike Foley. The paper covers pretty much everything which is security related and its destined to the IT team managing VMware infrastructures and it treats security of the VMware ESXi hypervisor in over 25 pages.
Quote from the source:
Finding the right level of detail to go into a paper like this is always a challenge. The paper, at 25 pages, is meant as an overview to a specific audience, the security professional. In order to keep the paper at a reasonable length, some deep dive content is referenced in existing materials. On the last page is a list of 19 references that I used in producing the paper.
What you'll find inside?
- Secure Virtual Machine Isolation in Virtualization
- Network Isolation
- Secure Management
- Platform Integrity protection
- VMware's secure development cycle
ESXi is not a Linux.
ESXi is a purpose-built system kernel designed from the ground up to run virtual machines and associated services. As such, it follows many POSIX constructs and semantics, but it is in many ways very different from a UNIX or Linux OS. Typical Linux concepts such as file systems and users and groups are not applicable to an ESXi system. The files that one sees when logged in to the shell exist only in memory, and changes made to most files are not persistent across reboots. ESXi also does not have a concept of “users” for the purpose of file or process ownership. All logins to the shell have exactly the same privileges, and every file is equally accessible to all shell sessions.
The Author – Mike Foley is a Senior Technical Marketing Manager at VMware. His primary focus is on security of the core platform (vSphere). He is the current keeper of the vSphere Hardening Guide.
Each chapter goes quite deep in the topics, in a paper which is relatively small as being said in the beginning – only 25 pages. You can download the paper from this page.