Check: VCENTER-000022
VMware vCenter Server Version 5 STIG:
VCENTER-000022
(in versions v2 r1 through v1 r7)
Title
Network access to the vCenter Server system must be restricted. (Cat III impact)
Discussion
Restrict access to only those essential components required to communicate with vCenter. Blocking access by unnecessary systems reduces the potential for general attacks on the operating system and minimizes risk.
Check Content
The vCenter Server must be protected by a network and/or local firewall on the vCenter Server Windows system. This protection must include IP-based access restrictions, enabling only necessary components to communicate with the vCenter Server system. If the vCenter Server Windows system is not protected by a network and/or local firewall, this is a finding.
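One way to review the local-firewall half of this check, as an added example that is not part of the STIG text: the PowerShell below assumes the NetSecurity cmdlets of Windows Server 2012 or later, flags disabled firewall profiles, and lists enabled inbound Allow rules that accept traffic from any remote address. A rule listed here is not by itself a finding, because the requirement can also be met by a network firewall, which has to be reviewed separately.

```powershell
# Added example: audit the local Windows Firewall on the vCenter Server system
# for inbound Allow rules that carry no IP-based restriction.
# Assumes the NetSecurity module (Windows Server 2012 or later); run elevated.

# 1. A disabled profile means the local firewall is not filtering at all
#    for networks that fall under that profile.
Get-NetFirewallProfile |
    Where-Object { $_.Enabled -ne 'True' } |
    ForEach-Object { Write-Warning "Firewall profile '$($_.Name)' is disabled" }

# 2. Collect enabled inbound Allow rules whose remote address filter is 'Any',
#    which is how Windows reports a rule with no source IP restriction.
$unrestricted = Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
    ForEach-Object {
        $rule = $_
        $addr = $rule | Get-NetFirewallAddressFilter
        $port = $rule | Get-NetFirewallPortFilter

        if ($addr.RemoteAddress -contains 'Any') {
            [pscustomobject]@{
                Rule          = $rule.DisplayName
                Profile       = $rule.Profile
                Protocol      = $port.Protocol
                LocalPort     = ($port.LocalPort -join ',')
                RemoteAddress = ($addr.RemoteAddress -join ',')
            }
        }
    }

# 3. Report. Each listed rule should either be scoped to the addresses of the
#    components that need to reach vCenter, or be covered by a network firewall.
if ($unrestricted) {
    $unrestricted | Sort-Object Protocol, LocalPort | Format-Table -AutoSize
} else {
    Write-Output 'No enabled inbound Allow rule accepts traffic from any remote address.'
}
```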
Fix Text
The vCenter Server Windows system must be protected by utilizing a network and/or local firewall. Install the vCenter Server Windows system behind the firewall and/or install a firewall application on the Windows system. Firewall protections must include IP-based access restrictions, enabling only necessary components to communicate with the vCenter Server system.
Additional Identifiers
Rule ID: SV-250741r799913_rule
Vulnerability ID: V-250741
Group Title: SRG-APP-000516
CCIs
Number | Definition |
---|---|
CCI-000366 | The organization implements the security configuration settings. |
Controls
Number | Title |
---|---|
CM-6 | Configuration Settings |