CIPUG Morgan King Virtualization
~# esxcli network ip connection list

VM Guest ports and services

C:\VM-1\CIPUG>netstat -b -o -a -n > netstat_boan.txt

Active Connections

Proto  Local Address         Foreign Address    State        PID
TCP    0.0.0.0:135           0.0.0.0:0          LISTENING    952   C:\WINDOWS\system32\svchost.exe
TCP    0.0.0.0:445           0.0.0.0:0          LISTENING    4     [System]
TCP    0.0.0.0:6002          0.0.0.0:0          LISTENING    428   [spnsrvnt.exe]
TCP    0.0.0.0:7001          0.0.0.0:0          LISTENING    248   [sntlkeyssrvr.exe]
TCP    0.0.0.0:7002          0.0.0.0:0          LISTENING    248   [sntlkeyssrvr.exe]
TCP    127.0.0.1:1025        0.0.0.0:0          LISTENING    1656  [dirmngr.exe]
TCP    127.0.0.1:1029        0.0.0.0:0          LISTENING    2484  [alg.exe]
TCP    127.0.0.1:5152        0.0.0.0:0          LISTENING    1764  [jqs.exe]
TCP    127.0.0.1:33333       0.0.0.0:0          LISTENING    1856  [PGPtray.exe]
TCP    172.16.105.220:139    0.0.0.0:0          LISTENING    4     [System]
TCP    127.0.0.1:2111        127.0.0.1:33333    ESTABLISHED  1616
UDP    0.0.0.0:7001          *:*                             248   [sntlkeyssrvr.exe]
UDP    0.0.0.0:500           *:*                             700   [lsass.exe]
UDP    0.0.0.0:4500          *:*                             700   [lsass.exe]
UDP    0.0.0.0:445           *:*                             4     [System]
UDP    127.0.0.1:123         *:*                             1084  c:\windows\system32\WS2_32.dll
UDP    172.16.105.220:6001   *:*                             428   [spnsrvnt.exe]

- Page 1: Morgan King CISSP-ISSAP, CISA Complia
- Page 6 and 7: History • Virtualization technolog
- Page 8 and 9: What is Virtualization? • Abstract
- Page 10 and 11: Hypervisor Type 2 - Hosted • Requi
- Page 12 and 13: Platform Players • VMware - vSpher
- Page 14 and 15: Benefits • Server consolidation/ut
- Page 16 and 17: Complexity • Server Virtualization
- Page 18 and 19: CIP-002-3 R3 Critical Cyber Asset Id
- Page 20 and 21: Is Hypervisor in-scope? • Any Hype
- Page 22 and 23: Mixed-Mode • Configuration where b
- Page 24 and 25: 1 Hypervisor - 3 Physical NICs 5 Virtual
- Page 26 and 27: CIP-007-3 R2 Ports and Services •
- Page 30 and 31: CIP-007-3 R3 Security Patch Manageme
- Page 32 and 33: Hypervisor patches
- Page 34 and 35: Virtual Machine installed securit
- Page 36 and 37: VMware vShield Endpoint
- Page 38 and 39: Privileged Service Console Access
- Page 40 and 41: CIP-007-3 R5.2.2 Shared accounts
- Page 42 and 43: Are specific roles are defined?
- Page 44 and 45: CIP-007-3 R5.3 Password enforcement
- Page 46 and 47: CIP-007-3 R6 Security Status Monitor
- Page 48 and 49: Virtual Machines and Templates
- Page 50 and 51: Attack Vectors • VM Escape • Hype
- Page 52 and 53: http/https running as who?
- Page 54 and 55: Sum it up! • CIP Standards apply t
- Page 56 and 57: References • http://history.cs.n