Check: GEN007700
VMware ESX 3 Server:
GEN007700
(in version v1 r2)
Title
The IPv6 protocol handler must not be bound to the network stack unless needed. (Cat II impact)
Discussion
IPv6 is the next version of the Internet protocol. Binding this protocol to the network stack increases the attack surface of the host.
Check Content
If the IPv6 protocol handler is bound to the network stack, and the system does not need IPv6, this is a finding.
Fix Text
Unbind the IPv6 protocol handler from the network stack.
Additional Identifiers
Rule ID: SV-26216r1_rule
Vulnerability ID: V-22541
Group Title: GEN007700
Expert Comments
Expert comments are only available to logged-in users.
CCIs
CCIs tied to check.
| Number | Definition |
|---|---|
| CCI-001551 |
The organization defines approved authorizations for controlling the flow of information between interconnected systems. |
Controls
Controls tied to check. These are derived from the CCIs shown above.
| Number | Title |
|---|---|
| AC-4 |
Information Flow Enforcement |