Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
iSCSI storage equipment is not configured with the latest patches and updates.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-15790 | ESX0080 | SV-16729r1_rule | Medium |
| Description |
|---|
| The ESX Server does not open any ports to listen for network connections. This measure reduces the chances that an intruder can attack the ESX Server through spare ports and possibly compromise the server. However, iSCSI device vulnerabilities may exist even though the ESX Server is configured properly. If security vulnerabilities exist in the iSCSI device software, data located on the iSCSI device may be at risk. To mitigate this risk, system administrators will install all security patches provided by the storage equipment manufacturer and limit the devices connected to the iSCSI network. |
| STIG | Date |
|---|---|
| VMware ESX 3 Server | 2016-05-13 |
Details
| Check Text ( C-15977r1_chk ) |
|---|
| Validating the iSCSI device software will require the assistance of the system administrator. The system administrator will have to give you the version number of the software and validate that the software is at the latest version. If the software is not at the latest version, this is a finding. |
| Fix Text (F-15732r1_fix) |
|---|
| Install the latest patches and updates to the iSCSI device. |