Book: Mastering VMware® Infrastructure 3
Promiscuous Mode
The Promiscuous Mode option is set to Reject by default to prevent virtual network adapters from observing any of the traffic sent through the vSwitch. For enhanced security, allowing Promiscuous mode is not recommended because it is an insecure mode of operation that allows virtual adapters to access traffic other than their own. Despite the security concerns, there are valid reasons for permitting a switch to operate in Promiscuous mode. An intrusion detection system (IDS) requires the ability to identify all traffic to scan for anomalies and malicious patterns of traffic. To support the use of the IDS without extending the reduced security of Promiscuous mode to the whole switch, you can create a dedicated virtual machine port group for use with the IDS. As shown in Figure 3.37, the virtual switch security policy will remain at the default setting of Reject for the Promiscuous Mode option, while the virtual machine port group for the IDS will be set to Accept. This port group setting will override the virtual switch setting, allowing the IDS to monitor all switch traffic.
Figure 3.36 The default security profile for a virtual switch prevents Promiscuous Mode but allows MAC Address Changes and Forged transmits.
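The override behavior described above can be checked during a configuration review. The following is an added example, not code from the book or from VMware: it resolves the effective Promiscuous Mode setting for each port group (a port group value overrides the vSwitch, otherwise the vSwitch value is inherited) and reports any Accept setting outside the dedicated IDS port group. The inventory, the names in it and the approved list are constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample model; every vSwitch, port group and VM name is hypothetical.
@dataclass
class PortGroup:
    name: str
    promiscuous: Optional[bool] = None   # None = inherit from the vSwitch
    vms: list = field(default_factory=list)

@dataclass
class VSwitch:
    name: str
    promiscuous: bool = False            # False = Reject, the default
    port_groups: list = field(default_factory=list)

def effective_promiscuous(vswitch, pg):
    """A port group setting overrides the vSwitch; otherwise it is inherited."""
    return vswitch.promiscuous if pg.promiscuous is None else pg.promiscuous

def audit(vswitches, approved):
    """approved maps an allowed port group name to the VMs permitted on it."""
    findings = []
    for vs in vswitches:
        if vs.promiscuous:
            findings.append(f"{vs.name}: vSwitch-level Promiscuous Mode is Accept")
        for pg in vs.port_groups:
            if not effective_promiscuous(vs, pg):
                continue                 # effective Reject: nothing to report
            if pg.name not in approved:
                findings.append(f"{vs.name}/{pg.name}: Accept on unapproved port group")
                continue
            for vm in pg.vms:            # the IDS port group must stay dedicated
                if vm not in approved[pg.name]:
                    findings.append(
                        f"{vs.name}/{pg.name}: unexpected VM {vm!r} on promiscuous port group")
    return findings

SAMPLE = [
    VSwitch("vSwitch0", False, [
        PortGroup("Production", None, ["web01", "db01"]),
        PortGroup("IDS", True, ["ids01", "test-vm"]),
    ]),
    VSwitch("vSwitch1", True, [PortGroup("Lab", None, ["lab01"])]),
]
APPROVED = {"IDS": {"ids01"}}

if __name__ == "__main__":
    for line in audit(SAMPLE, APPROVED):
        print(line)
```
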