Check: GEN008540

VMware ESX 3 Server: GEN008540 (in version v1 r2)

  Title
The system's local firewall must implement a deny-all, allow-by-exception policy. (Cat II impact)
Discussion
A local firewall protects the system from exposing unnecessary or undocumented network services to the local enclave. If a system within the enclave is compromised, firewall protection on an individual system continues to protect it from attack.
Check Content
Determine if the system's local firewall implements a deny-all, allow-by-exception policy. On the ESX 3 service console the local firewall is managed with esxcfg-firewall: run `esxcfg-firewall -q` and confirm that both incoming and outgoing ports are blocked by default and that only required, documented services and ports are listed as exceptions. If either direction is allowed by default, or an exception exists that the system's documentation does not require, this is a finding.
Fix Text
Configure the system's local firewall to implement a deny-all, allow-by-exception policy. On ESX 3, block both directions by default with `esxcfg-firewall --blockIncoming` and `esxcfg-firewall --blockOutgoing`, then open only the services the host requires (for example `esxcfg-firewall -e sshServer`) and record each exception in the system documentation.
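As an added example that is not part of this STIG check, the following POSIX shell script audits a saved `iptables -L -n` listing for the posture described in the check and fix above. It assumes the local firewall is iptables-based (on the ESX 3 service console, esxcfg-firewall drives iptables underneath), and the two listings embedded in it are constructed samples, not output captured from a real host. A chain counts as deny-by-default when its built-in policy is DROP or when its final rule drops or rejects all traffic; anything else is reported as a finding.

```shell
#!/bin/sh
# Added example, not part of the STIG: audit an `iptables -L -n` listing for
# deny-all, allow-by-exception. Assumption: the local firewall is iptables-based
# (true of the ESX 3 service console under esxcfg-firewall).
# On a host: iptables -L -n > listing.txt ; deny_by_default "$(cat listing.txt)"

# Constructed non-compliant listing: every built-in chain defaults to ACCEPT.
SAMPLE_WEAK='Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:22

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
'

# Constructed compliant listing: DROP policies plus an explicit exception list.
# OUTPUT keeps an ACCEPT policy but ends in a catch-all REJECT, which is still
# deny-by-default in effect.
SAMPLE_HARDENED='Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:22
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:443

Chain FORWARD (policy DROP)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:53
REJECT     all  --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable
'

# chain_deny_by_default LISTING CHAIN -> 0 if CHAIN denies by default, else 1.
# Deny-by-default means: built-in policy DROP, or the chain's last rule is a
# DROP/REJECT matching all protocols from any source to any destination.
chain_deny_by_default() {
    verdict=$(printf '%s\n' "$1" | awk -v chain="$2" '
        /^Chain / {
            inchain = ($2 == chain)
            if (inchain) { seen = 1; policy = $4; sub(/\)$/, "", policy) }
            next
        }
        !inchain || /^target/ || NF == 0 { next }
        # `iptables -L -n` rule layout: target prot opt source destination [matches...]
        { t = $1; p = $2; s = $4; d = $5; x = $6; n = NF }
        END {
            if (!seen)            { print "no: chain " chain " not found"; exit }
            if (policy == "DROP") { print "yes: policy DROP"; exit }
            catchall = (p == "all" && s == "0.0.0.0/0" && d == "0.0.0.0/0")
            if (t == "DROP" && catchall && n == 5)
                { print "yes: policy " policy ", final rule DROP all"; exit }
            if (t == "REJECT" && catchall && x == "reject-with")
                { print "yes: policy " policy ", final rule REJECT all"; exit }
            print "no: policy " policy ", no catch-all deny rule"
        }')
    echo "$2 -> $verdict"
    case $verdict in yes*) return 0 ;; esac
    return 1
}

# deny_by_default LISTING -> 0 only if INPUT, FORWARD and OUTPUT all deny by default
deny_by_default() {
    rc=0
    for chain in INPUT FORWARD OUTPUT; do
        chain_deny_by_default "$1" "$chain" || rc=1
    done
    if [ "$rc" -eq 0 ]; then
        echo "PASS: deny-all, allow-by-exception"
    else
        echo "FINDING: a built-in chain allows traffic by default"
    fi
    return $rc
}

echo "== constructed weak listing =="
deny_by_default "$SAMPLE_WEAK" || true
echo "== constructed hardened listing =="
deny_by_default "$SAMPLE_HARDENED" || true
```

The listing check complements `esxcfg-firewall -q` rather than replacing it: esxcfg-firewall reports the intended policy, while `iptables -L -n` shows what the kernel is actually enforcing, so the two should agree on both directions.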
Additional Identifiers
Rule ID: SV-26258r1_rule
Vulnerability ID: V-22583
Group Title: GEN008540
Expert Comments

CCIs

| Number | Definition |
|---|---|
| CCI-001109 | Deny network communications traffic by default and allow network communications traffic by exception at managed interfaces; and/or for organization-defined systems. |

Controls

| Number | Title |
|---|---|
| SC-7(5) | Deny by Default — Allow by Exception |