- Data Center Virtualization Certification: VCP6.5-DCV Exam Guide
- Andrea Mauro Paolo Valsecchi
- 2025-03-01 05:40:55
Harden virtual machine access
As described in Objective 1.2, VMware publishes Security Hardening Guides (https://www.vmware.com/security/hardening-guides.html) with guidance on how to increase security in a vSphere environment.
VMware suggests the following best practices to increase the security of VMs running in a vSphere environment:
- Use templates: Instead of manually installing guest operating systems and applications, prefer templates or other provisioning systems to enforce security baselines.
- Limit console access: Protect and limit access to the VM console to preserve the confidentiality of data (by default, multiple users can see the same VM console session).
- Limit remote access: Remote protocols used for management (such as SSH or RDP) must be secured, controlled, and limited.
- Limit resources: Without proper resource management (such as resource pools), multiple VMs can consume most of the host resources, leading to a possible denial-of-service (DoS) scenario.
- Minimize services: Any service that is running in a VM is a potential target for attacks. Be sure to disable services or system components that are not necessary.
- Minimize hardware: Disconnect or remove unused devices, such as CD/DVD drives, floppy drives, and USB adapters. This also helps with VM migration. Note that CD/DVD drives may be needed for VMware Tools installation/upgrade.
- Limit VMware Tools functions: Disable unused functionality, such as unused display features or the Host Guest File System (HGFS). Some of these functions will be discussed in the next section.
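The console, hardware, and VMware Tools items above can be checked against a VM's `.vmx` file. The following is an added example, not code from the book or from VMware: the key names come from VMware's hardening guidance rather than from this page, and reporting an unset key as a finding and matching keys case-insensitively are choices of this example.

```python
import re

# Baseline for three list items: console access, VMware Tools functions, hardware.
# Key names are from VMware's hardening guidance, not from this page.
REQUIRED = {
    "RemoteDisplay.maxConnections": "1",              # one console session at a time
    "isolation.tools.hgfsServerSet.disable": "TRUE",  # HGFS off
    "isolation.tools.copy.disable": "TRUE",           # no console copy
    "isolation.tools.paste.disable": "TRUE",          # no console paste
}
# Devices to remove when unused. CD/DVD (ideN:M) is left out: Tools installs may need it.
UNUSED_DEVICE = re.compile(r"^(floppy\d+|serial\d+|parallel\d+|usb)\.present$", re.I)
LINE = re.compile(r'^\s*([^#\s=]+)\s*=\s*"(.*)"\s*$')

def parse_vmx(text):
    """Return {lowercased key: value} from .vmx text; a repeated key keeps its last value."""
    settings = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            settings[m.group(1).lower()] = m.group(2)
    return settings

def audit_vmx(text):
    """Return a sorted list of (key, finding) for settings that miss the baseline."""
    settings = parse_vmx(text)
    findings = []
    for key, want in REQUIRED.items():
        got = settings.get(key.lower())
        if got is None:  # assumption: require the value to be explicit
            findings.append((key, f"not set, expected {want}"))
        elif got.strip().upper() != want:
            findings.append((key, f"is {got}, expected {want}"))
    for key, value in settings.items():
        if UNUSED_DEVICE.match(key) and value.strip().upper() == "TRUE":
            findings.append((key, "device present, remove if unused"))
    return sorted(findings)

# Constructed sample, not taken from a real VM.
SAMPLE_VMX = '''
RemoteDisplay.maxConnections = "2"
isolation.tools.copy.disable = "TRUE"
isolation.tools.paste.disable = "true"
floppy0.present = "TRUE"
usb.present = "FALSE"
ide1:0.present = "TRUE"
'''

print(audit_vmx(SAMPLE_VMX))
```

Run against a template's `.vmx` as well as deployed VMs, since a hardened template is what carries the baseline into new deployments.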
Because a VM is almost equivalent to a physical server, it is possible (in most cases) to apply the same security approaches and solutions.
For more information, see the vSphere 6.5 Security Guide (https://docs.vmware.com/en/VMware-vSphere/6.5/com.vmware.vsphere.security.doc/GUID-CF45F448-2036-4BE3-8829-4A9335072349.html).