Does anyone know if Qualys supports Authenticated vulnerability scan for VMware ESX box?
Yes we support Authenticated scanning for ESX via the Unix Auth Record.
Do you also support Authenticated scanning for VMware ESXi? From what I understand it's a quite different then ESX in terms of accessing.
I am not sure how ESXi allows connections but if we can get an ssh, telnet, or rlogin prompt off the box, we can run an authenticated scan against it.
It does not appear ESXi allows any of those connections, it has 80 and 443 ports open, along with irdmi (8000). Admins say they use a web interface to administer that system.
So it seems more like an appliance then a server type.
I was told by our Ops team that VMware STRONGLY recommends leaving SSH disabled. I was also told that not only do they not recommend it, it's not supported and throws our all kinds of warnings if it's enabled. Does anyone know if the snmp auth record could be leveraged if SSH is not an option? Some would say if those exploitable services are not running it's safe to say the box is secure, but I do NOT agree. Using an assessment tool confirms users and administrators are following the correct practices/procedures/processes. It appears VMware ESXi 4.1 is a completely different beast than previous versions. Since the direction is to migrate to 4.1, we're going to need a soultion to this problem. Any comments/recommendations/suggestions would be greatly appreciated.
Retrieving data ...