Check: ESXI-65-000052
VMware vSphere 6.5 ESXi STIG: ESXI-65-000052 (in versions v2 r4 through v1 r1)
Title
The ESXi host must protect the confidentiality and integrity of transmitted information by utilizing different TCP/IP stacks where possible. (Cat III impact)
Discussion
By default, ESXi provides three TCP/IP stacks: Default, Provisioning, and vMotion. To better protect and isolate sensitive network traffic within ESXi, admins must configure each of these stacks. Additional custom TCP/IP stacks can be created if desired.
Check Content
From the vSphere Web Client select the ESXi Host and go to Configure >> Networking >> TCP/IP configuration. Review the default system TCP/IP stacks and verify they are configured with the appropriate IP address information. If vMotion and Provisioning VMKernels are in use and are not utilizing their own TCP/IP stack, this is a finding.
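The same review can be scripted over an exported VMkernel adapter inventory. The following is an added example, not part of the STIG: the pipe-delimited export format is hypothetical, the sample records are constructed, and the stack keys (`defaultTcpipStack`, `vmotion`, `vSphereProvisioning`) and service tag names are assumptions to confirm against your hosts.

```python
# Added example: evaluate a VMkernel adapter inventory against ESXI-65-000052.
# Assumption: stack keys and service tag names; confirm them on your hosts.
DEDICATED_STACK = {
    "VMotion": "vmotion",
    "vSphereProvisioning": "vSphereProvisioning",
}

# Constructed sample inventory, one "name|netstack|ip|tags" record per line.
SAMPLE = """\
vmk0|defaultTcpipStack|10.0.10.11|Management
vmk1|defaultTcpipStack|10.0.20.11|VMotion
vmk2|vSphereProvisioning|10.0.30.11|
vmk3|vmotion||
"""


def parse_inventory(text):
    """Parse pipe-delimited records; tags are comma-separated."""
    adapters = []
    for line in text.splitlines():
        if not line.strip():
            continue
        name, stack, ip, tags = (f.strip() for f in line.split("|"))
        tag_set = {t.strip() for t in tags.split(",") if t.strip()}
        adapters.append({"name": name, "stack": stack, "ip": ip, "tags": tag_set})
    return adapters


def evaluate(adapters):
    """Return (adapter, kind, reason) tuples; kind is 'finding' or 'review'."""
    results = []
    for a in adapters:
        # Service enabled on a VMkernel adapter that is not on its own stack.
        for tag, stack in DEDICATED_STACK.items():
            if tag in a["tags"] and a["stack"] != stack:
                reason = f"{tag} on '{a['stack']}', expected '{stack}'"
                results.append((a["name"], "finding", reason))
        # Dedicated stack in use but no IP address information recorded.
        if a["stack"] in DEDICATED_STACK.values() and not a["ip"]:
            results.append((a["name"], "review", "no IP address configured"))
    return results


if __name__ == "__main__":
    for name, kind, reason in evaluate(parse_inventory(SAMPLE)):
        print(f"{kind.upper()} {name}: {reason}")
```

A "finding" result corresponds to the condition the check names (vMotion or Provisioning traffic not on its own stack); a "review" result only marks a dedicated stack whose IP address information still needs to be verified by hand.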
Fix Text
From the vSphere Web Client select the ESXi Host and go to Configure >> Networking >> TCP/IP configuration >> Select a TCP/IP stack >> Click Edit >> Enter the appropriate site specific IP address information for the particular TCP/IP stack and click OK.
Additional Identifiers
Rule ID: SV-207651r854583_rule
Vulnerability ID: V-207651
Group Title: SRG-OS-000423-VMM-001700
CCIs
Number | Definition |
---|---|
CCI-002418 | The information system protects the confidentiality and/or integrity of transmitted information. |
Controls
Number | Title |
---|---|
SC-8 | Transmission Confidentiality And Integrity |