
There is no dedicated VLAN or network segment configured for virtual disk file transfers.


Overview

Finding ID: V-15786
Version: ESX0040
Rule ID: SV-16725r1_rule
IA Controls:
Severity: Medium
Description
Virtual disk file transfers and VMotion migrations to and from VMFS volumes are sent in plaintext, which provides no confidentiality for the data. Because of this vulnerability, virtual disk file transfers and VMotion migrations will, at a minimum, be sent over a dedicated VLAN. The preferred method for these transfers is to encrypt this traffic with a FIPS 140-2 encryption algorithm.
STIG: VMware ESX 3 Virtual Center
Date: 2016-05-03

Details

Check Text (C-15972r1_chk)
1. Log into VirtualCenter with the VI Client and select the ESX server from the inventory panel.
The hardware configuration page for the server appears.
2. Click the Configuration tab, and click Networking.
3. Examine the virtual switches and their respective VLAN IDs. A separate and dedicated VLAN should be configured for virtual disk transfers and VMotion migrations to and from VMFS volumes. The administrative VLAN or Out of Band VLAN is acceptable for compliance. If there is no dedicated VLAN for these transfers, this is a finding.
Fix Text (F-15727r1_fix)
Implement a dedicated VLAN for all virtual disk file transfers to and from VMFS volumes.