Free Newsletters :
IT Management
Products
Security
Security Administration Tools

Tripwire ConfigCheck

Product Watch
Compares VMware ESX Server 3.0/3.5 Configs to Best Practices

Tripwire ConfigCheck is a free, downloadable tool that provides an assessment of VMware ESX 3.0/3.5 configurations from a security standpoint. The tool operates by connecting to a specified VMware ESX server and comparing its configuration to best practices as provided by VMware; specifically, the VMware Infrastructure 3 Security Hardening guidelines. The VMware Infrastructure 3 Security Hardening guidelines (which can be downloaded from the VMware site) provide detailed descriptions of security related configuration parameters as well as recommendations for their settings. Tripwire states that their Tripwire ConfigCheck tool automates over half of the tests provided in the hardening guide; including those tests that apply specifically to VMware ESX and lend themselves well to automated testing.

To use the utility, it must first be downloaded to a Windows 2003 machine with a JRE at 1.5 or better. After unpacking and launching the utility, the user is then prompted for the username/password for root access to the VMware ESX machine to be examined (users may examine as many ESX machines as they like; but may do so only one at a time). Tripwire recommends that this Windows machine be located behind the firewall, but on the same network used for virtual infrastructure management.

The utility then examines the configuration and performs its tests, noting the results of each test as "Passed," "Failed," or "Unavailable," (Unavailable usually means no connection could be made; the password provided was incorrect or the file to be examined is unreadable by root). Among the parameters examined are such items as port group settings, NIC mode settings, network isolation for VMotion and iSCSI, and more.

The tool then provides potential remediation steps for each failed test. A companion document, the Tripwire ConfigCheck Remediation Guide, is also available as a free PDF download (registration required), which explains each test (i.e., what is being tested and why it is important from a security standpoint), as well as provides step-by-step remediation instructions. The Remediation Guide additionally contains links to source data.

As a free tool, the vendor warns that it checks only VMware ESX configurations and not the entire virtual infrastructure (i.e., not Virtual Center, virtual networks, the guest operating system or applications, etc.). Additionally, the tool does not allow the printing of the test results. For more extensive examinations of both virtual and physical environments, the vendor recommends their Tripwire Enterprise product (see related link below).

Visit the Tripwire ConfigCheck site for further information.

product submission by EITPlanet Staff

fact sheet
ID#: 1216661533
date posted: Jul. 21, 2008
category: Security:Security Administration Tools
platform: Windows 2003 w/JRE 1.5+
vendor: Tripwire, Inc
(tripwire.com)
related links:
Product Entry: Tripwire Enterprise

vendor's information:
Download Tripwire ConfigCheck
about Tripwire ConfigCheck
about Tripwire, Inc


Security

Anti-spam | Anti-virus | Biometrics | Encryption | Filtering/Monitoring | Firewalls | Identity | Intrusion Detection/Prevention | Personal Utilities | Privacy | Security Administration Tools | Tools

Latest category updates via our RSS feed
RSS


Partners
Partner With Us













More IT Management
CIO Update
Datamation
eCRMGuide
DRM Watch
eSecurity Planet
ITSMWatch
Intranet Journal
Inside ID
Grid Computing Planet
bITa Planet
IT Career Planet
Project Manager Planet
Semantic Web


JupiterOnlineMedia

internet.comearthweb.comDevx.commediabistro.comGraphics.com

Search:

Jupitermedia Corporation has two divisions: Jupiterimages and JupiterOnlineMedia

Jupitermedia Corporate Info


Legal Notices, Licensing, Reprints, & Permissions, Privacy Policy.

Advertise | Newsletters | Tech Jobs | Shopping | E-mail Offers
Solutions
Whitepapers and eBooks
Intel PDF: Virtualization Delivers Data Center Efficiency
Intel eBook: Managing the Evolving Data Center
Microsoft Article: BitLocker Brings Encryption to Windows Server 2008
Symantec eBook: The Guide to E-Mail Archiving and Management
Microsoft Article: RODCs Transform Branch Office Security
Go Parallel Article: James Reinders on the Intel Parallel Studio Beta Program
 Avaya Article: Advancing the State of the Art in Customer Service
Adobe Acrobat Connect Pro: Web Conferencing and eLearning Whitepapers
Avaya Article: Avaya AE Services Provide Rapid Telephony Integration with Facebook
Go Parallel Article: Getting Started with TBB on Windows
HP eBook: Storage Networking , Part 1
MORE WHITEPAPERS, EBOOKS, AND ARTICLES
Webcasts
Intel Seminar: Efficiencies in Hardware/Software Virtualization
HP Webcast: Disaster Recovery Planning
Go Parallel Video: Performance and Threading Tools for Game Developers
 HP Video: StorageWorks EVA4400 and Oracle
HP Webcast: Storage Is Changing Fast - Be Ready or Be Left Behind
MORE WEBCASTS, PODCASTS, AND VIDEOS
Downloads and eKits
IBM TCO eKIT: Your IT Budget is Under Attack, Get in Control
IBM Energy Efficiency eKIT: Learn How to Reduce Costs
30-Day Trial: SPAMfighter Exchange Module
 Red Gate Download: SQL Toolbelt and free High-Performance SQL Code eBook
Iron Speed Designer Application Generator
MORE DOWNLOADS, EKITS, AND FREE TRIALS
Tutorials and Demos
Microsoft Article: Silverlight Streaming--Free Video Hosting for All
Featured Algorithm: Intel Threading Building Blocks - parallel_reduce
 HP Demo: StorageWorks EVA4400
MORE TUTORIALS, DEMOS AND STEP-BY-STEP GUIDES