The network device must be configured to prohibit the use of all unnecessary and/or nonsecure functions, ports, protocols, and/or services.


Overview

Finding ID: V-246848
Version: HYCU-CM-000004
Rule ID: SV-246848r768208_rule
IA Controls:
Severity: High
Description
In order to prevent unauthorized connection of devices, unauthorized transfer of information, or unauthorized tunneling (i.e., embedding of data types within data types), organizations must disable unused or unnecessary physical and logical ports/protocols on information systems.
STIG: HYCU for Nutanix Security Technical Implementation Guide
Date: 2021-08-03

Details

Check Text (C-50280r768206_chk)
The HYCU firewall is, by default, locked and enabled. Only the required/necessary services and ports are running on the HYCU Server.

Verify the firewall is running by executing the following command:
sudo firewall-cmd --state

If the service is not running, this is a finding.

Determine which services and ports are open by executing the following command:
sudo firewall-cmd --list-all

The output should show the following two lines:
'services: cockpit dhcpv6-client iscsi-target samba ssh'
'ports: 8443/tcp'

If more services than these are open, this is a finding.
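
The check above, scripted as an added example (not part of the STIG or of HYCU's own tooling): it reads `firewall-cmd --list-all` output and reports any service or port outside the two expected lines. Treating an extra port as a finding, the function names and the sample listings are assumptions of this example.

```shell
#!/bin/sh
# Added example. Baseline copied from the check text above.
ALLOWED_SERVICES="cockpit dhcpv6-client iscsi-target samba ssh"
ALLOWED_PORTS="8443/tcp"

# extras FIELD ALLOWED: read `firewall-cmd --list-all` output on stdin and
# print each entry of FIELD ("services" or "ports") that is not in ALLOWED.
# The exact match on "ports:" skips the forward-ports:/source-ports: lines.
extras() {
    awk -v field="$1:" -v allowed="$2" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 == field { for (i = 2; i <= NF; i++) if (!($i in ok)) print $i }
    '
}

# check_listing: read the listing on stdin, report anything outside the
# baseline, and return non-zero when there is a finding.
check_listing() {
    listing=$(cat)
    bad_services=$(printf '%s\n' "$listing" | extras services "$ALLOWED_SERVICES")
    bad_ports=$(printf '%s\n' "$listing" | extras ports "$ALLOWED_PORTS")
    [ -z "$bad_services" ] || echo "FINDING: unexpected services:" $bad_services
    [ -z "$bad_ports" ] || echo "FINDING: unexpected ports:" $bad_ports
    [ -z "$bad_services$bad_ports" ]
}

# Constructed sample listings (not captured from a real HYCU server).
SAMPLE_OK='public (active)
  target: default
  services: cockpit dhcpv6-client iscsi-target samba ssh
  ports: 8443/tcp
  forward-ports:
  source-ports:'
SAMPLE_BAD='public (active)
  target: default
  services: cockpit dhcpv6-client iscsi-target samba ssh telnet
  ports: 8443/tcp 8080/tcp
  forward-ports:
  source-ports:'

printf '%s\n' "$SAMPLE_OK"  | check_listing && echo "sample 1: no finding"
printf '%s\n' "$SAMPLE_BAD" | check_listing || echo "sample 2: finding"
# On the HYCU server: sudo firewall-cmd --list-all | check_listing
```
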

Fix Text (F-50234r768207_fix)
Enable the firewall by logging on to the HYCU console and executing the following commands:
sudo systemctl enable firewalld

sudo systemctl start firewalld