Check: GEN006460
VMware ESX 3 Server:
GEN006460
(in version v1 r2)
Title
Any NIS+ server must be operating at security level 2. (Cat II impact)
Discussion
If the NIS+ server is not operating in, at least, security level 2, there is no encryption and the system could be penetrated by intruders and/or malicious users.
Check Content
If the system is not using NIS+, this is not applicable. Check the system to determine if NIS+ security level 2 is implemented. Procedure: # niscat cred.org_dir If the second column does not contain DES, the system is not using NIS+ security level 2, and this is a finding.
Fix Text
Configure the NIS+ server to use security level 2.
Additional Identifiers
Rule ID: SV-926r2_rule
Vulnerability ID: V-926
Group Title: GEN006460
Expert Comments
Expert comments are only available to logged-in users.
CCIs
CCIs tied to check.
| Number | Definition |
|---|---|
| CCI-001435 |
The organization defines networking protocols within the information system deemed to be nonsecure. |
Controls
Controls tied to check. These are derived from the CCIs shown above.
| Number | Title |
|---|---|
| No controls are assigned to this check |