UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

There is no dedicated VLAN or network segment configured for virtual disk file transfers.


Overview

Finding ID Version Rule ID IA Controls Severity
V-15786 ESX0040 SV-16725r1_rule Medium
Description
The transfer of virtual disk files and VMotion migrations to and from VMFS volumes is sent in plaintext. This type of traffic provides no confidentiality for the data. Due to this vulnerability, at a minimum, virtual disk file transfers and VMotion migrations will be sent over a dedicated VLAN. The preferred method for these transfers is to encrypt this traffic with a FIPS 140-2 encryption algorithm.
STIG Date
VMware ESX 3 Virtual Center 2016-05-03

Details

Check Text ( C-15972r1_chk )
1. Log into VirtualCenter with the VI Client and select the ESX server from the inventory panel.
The hardware configuration page for the server appears.
2. Click the Configuration tab, and click Networking.
3. Examine the virtual switches and their respective VLAN IDs. A separate and dedicated VLAN should be configured for virtual disk transfers and VMotion migrations to and from VMFS volumes. The administrative VLAN or Out of Band VLAN is acceptable for compliance. If there is no dedicated VLAN for these transfers, this is a finding.
Fix Text (F-15727r1_fix)
Implement a dedicated VLAN for all virtual disk file transfers to and from VMFS volumes.