Check: ESXI-67-000052
VMware vSphere 6.7 ESXi STIG:
ESXI-67-000052
(in versions v1 r3 through v1 r1)
Title
The ESXi host must protect the confidentiality and integrity of transmitted information by using different TCP/IP stacks where possible. (Cat III impact)
Discussion
Three different TCP/IP stacks are available by default on ESXi: Default, Provisioning, and vMotion. To better protect and isolate sensitive network traffic within ESXi, administrators must configure each of these stacks. Additional custom TCP/IP stacks can be created if desired.
Check Content
From the vSphere Client, select the ESXi host and go to Configure >> Networking >> TCP/IP configuration. Review the default system TCP/IP stacks and verify they are configured with the appropriate IP address information. If vMotion and Provisioning VMKernels are in use and are not using their own TCP/IP stack, this is a finding.
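The same check can be run from the ESXi Shell. The script below is an added example, not part of the STIG; it assumes the usual `esxcli network ip interface list` and `esxcli network ip interface tag get` output layout, the service tag names `VMotion` and `vSphereProvisioning`, and the stack keys `vmotion` and `vSphereProvisioning` for the dedicated stacks.

```sh
#!/bin/sh
# Added example: flag VMkernel adapters that carry vMotion or Provisioning
# traffic on a TCP/IP stack other than the dedicated one.
# Assumed stack keys: vmotion, vSphereProvisioning (default: defaultTcpipStack).

# Dedicated stack expected for a service tag; empty for tags this check ignores.
expected_stack() {
    case "$1" in
        VMotion)             echo vmotion ;;
        vSphereProvisioning) echo vSphereProvisioning ;;
        *)                   echo "" ;;
    esac
}

# check_vmk NAME STACK "TAG1, TAG2": print a FINDING per mismatch, return 1 if any.
check_vmk() {
    rc=0
    for tag in $(printf '%s' "$3" | tr ',' ' '); do
        want=$(expected_stack "$tag")
        if [ -n "$want" ] && [ "$2" != "$want" ]; then
            echo "FINDING: $1 carries $tag on stack $2 (expected $want)"
            rc=1
        fi
    done
    return $rc
}

# Read `esxcli network ip interface list` output, print "NAME STACK" per adapter.
parse_interfaces() {
    awk -F': ' '/^ *Name:/ {n=$2} /^ *Netstack Instance:/ {print n, $2}'
}

audit_host() {
    status=0
    list=$(esxcli network ip interface list | parse_interfaces)
    while read -r vmk stack; do
        [ -n "$vmk" ] || continue
        tags=$(esxcli network ip interface tag get -i "$vmk" | sed -n 's/^ *Tags: *//p')
        check_vmk "$vmk" "$stack" "$tags" || status=1
    done <<EOF
$list
EOF
    return $status
}

# Run only where esxcli exists (the ESXi Shell); exit non-zero on a finding.
if command -v esxcli >/dev/null 2>&1; then
    audit_host || exit 1
fi
```

A non-zero exit status means at least one adapter matched the finding condition in the check text.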
Fix Text
From the vSphere Client, select the ESXi host and go to Configure >> Networking >> TCP/IP configuration. Select a TCP/IP stack and click "Edit". Enter the appropriate site-specific IP address information for the particular TCP/IP stack and click "OK".
Additional Identifiers
Rule ID: SV-239306r854602_rule
Vulnerability ID: V-239306
Group Title: SRG-OS-000423-VMM-001700
CCIs
Number | Definition |
---|---|
CCI-002418 | The information system protects the confidentiality and/or integrity of transmitted information. |
Controls
Number | Title |
---|---|
SC-8 | Transmission Confidentiality And Integrity |