During a requirements gathering workshop, the customer provides the following requirement:
A new vSphere platform must be designed securely and all interfaces must be protected against potential snooping.
How should this non-functional security requirement be documented?
To ensure a vSphere platform is designed securely and all interfaces are protected against potential snooping, the best approach is to use encrypted channels for all communications. Encryption ensures that even if traffic is intercepted, it cannot be read or tampered with. This directly addresses the requirement of preventing snooping by securing the data in transit.
Is talking about secure interfaces, points to PVLAN. B can be the option if the question is about applications
“Isolation prevents snooping” . Page 69 of the security guide : https://docs.vmware.com/en/VMware-vSphere/7.0/vsphere-esxi-vcenter-server-703-security-guide.pdf (working link)
Isolation prevents snooping. https://docs.vmware.com/en/VMware-vSphere/7.0/vsphere-esxi-vcenter-server-70-security-guide.pdf
Changed to D, agree with the others.
I don`t think auditing your interfaces will prevent snooping. It might just let you know who could be the potential suspect in case of emergency situation. But, using PVLANs sounds like the best option here, as it might prevent unauthorized access.
For me it's A - Security (NFR) D - Administrative functions (FR)
Auditing does not prevent snooping
D for me. For example: "Your ESXi host uses several networks. Use appropriate security measures for each network, and isolate traffic for specific applications and functions. For example, ensure that VMware vSphere vMotion traffic does not travel over networks where virtual machines are located. Isolation prevents snooping. Having separate networks is also recommended for performance reasons. https://docs.vmware.com/en/VMware-vSphere/7.0/vsphere-esxi-vcenter-server-70-security- guide.pdf
Isolation of Network traffic is essential to a secure vSphere environment. Isolation prevents snooping So D for me