The VMkernel port group or virtual machine port group on a standard switch has a configurable security policy. The security policy determines how strongly you enforce protection against impersonation and interception attacks on VMs.
- A VM can send frames that appear to be from a different machine so that it can receive network frames that are intended for that machine.
- A virtual machine network adapter can be configured so that it receives frames targeted for other machines
When you add a VMkernel port group or virtual machine port group to a standard switch, ESXi configures a security policy for the ports in the group. You can use this security policy to ensure that the host prevents the guest operating systems of its VMs from impersonating other machines on the network. The guest operating system that might attempt impersonation does not detect that the impersonation was prevented.
- How VM network adapters control transmissions.
- How attacks are staged at this level