Untitled

Access to the Service Console/VMkernel: an attacker can bruteforce or guess a password through a compromised virtual machine in an untrusted DMZ to login to the service console, which gives him full access to all virtual machines on the host. When using ESX, the management interface needs to be properly isolated by assigning it to a dedicated , which has at least one pNIC. It’s also a good idea if the configuration and management switch has a redundant pNIC for failover in case the first physical NIC fails. A VM belonging to a DMZ should never be on the same as Service Console or VMkernel, because a compromised VM in a DMZ could be used by the attacker to gain full access to the management console and every VM on a host.