Title

Sun Ray Desktop Unit traffic is not isolated logically through the use of a dedicated VLAN or network segment. (Cat II impact)

Discussion

Isolated LANs provide a greater degree of security than traditional LANs since only authorized users and devices are allowed to connect. Authorized users and devices are configured through the use of access control lists. This logical separation provides better performance through broadcast reduction, and reduced configuration management for Sun Ray Desktop Unit device moves, additions, and changes.

Check Content

Work with the network reviewer and system administrator to determine compliance. Request a copy of switch configuration to verify the ports that the Sun Ray server plugs into are configured to a dedicated VLAN. Below is an example of a VLAN that may be used for Sun Ray server traffic. Cisco IOS Example: Interface VLAN5 description “Network A” ip address 192.168.1.25 255.255.255.0 no shutdown interface VLAN 12 description “Network Sun Ray” ip address 10.0.0.25 255.255.255.0 no shutdown set interface sc0 10.0.0.25 255.255.255.0

Fix Text

Isolate Sun Ray Desktop Unit traffic from other traffic.

Additional Identifiers

Rule ID:

Vulnerability ID: V-16061

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.