
iSCSI VLAN or network segment is not configured for iSCSI traffic.


Overview

Finding ID: V-15788
Version: ESX0060
Rule ID: SV-16727r1_rule
IA Controls:
Severity: Medium
Description
Virtual machines may share virtual switches and VLANs with the iSCSI configuration. This type of configuration may expose iSCSI traffic to unauthorized virtual machine users. To restrict unauthorized users from viewing the iSCSI traffic, the iSCSI network should be logically separated from the production traffic. Configuring the iSCSI adapters on separate VLANs or network segments from the VMkernel and service console will limit unauthorized users from viewing the traffic.
STIG: VMware ESX 3 Virtual Center
Date: 2016-05-03

Details

Check Text (C-15975r1_chk)
1. Log in to VirtualCenter with the VI Client and select the server from the inventory panel.
The hardware configuration page for this server appears.
2. Click the Configuration tab, and click Networking.
3. Examine the virtual switches and their respective VLAN IDs. A separate and dedicated VLAN should be configured for all iSCSI connections. If there is no dedicated VLAN for iSCSI, this is a finding.
Fix Text (F-15730r1_fix)
Configure a dedicated VLAN or network segment for iSCSI connections.
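
The comparison made in step 3 of the check, as an added example that is not part of the STIG text: given the port groups and VLAN IDs read off the Networking view, it reports every iSCSI port group whose VLAN or untagged segment is shared with non-iSCSI traffic. The inventory rows, field names and role labels are constructed for illustration; treating VLAN ID 0 as untagged (segment = the vSwitch) and a virtual machine port group with VLAN ID 4095 as a trunk that can see every VLAN on its vSwitch are assumptions based on ESX VLAN behaviour.

```python
from collections import defaultdict

# Constructed sample inventory (hypothetical names), one row per port group.
PORT_GROUPS = [
    {"vswitch": "vSwitch0", "name": "Service Console", "role": "console", "vlan": 10},
    {"vswitch": "vSwitch0", "name": "VMkernel", "role": "vmkernel", "vlan": 20},
    {"vswitch": "vSwitch1", "name": "Production", "role": "vm", "vlan": 100},
    {"vswitch": "vSwitch1", "name": "iSCSI-A", "role": "iscsi", "vlan": 100},
    {"vswitch": "vSwitch2", "name": "iSCSI-B", "role": "iscsi", "vlan": 300},
    {"vswitch": "vSwitch2", "name": "Lab-Trunk", "role": "vm", "vlan": 4095},
    {"vswitch": "vSwitch3", "name": "iSCSI-C", "role": "iscsi", "vlan": 0},
]

TRUNK_VLAN = 4095  # assumption: guest-tagging port group, sees all VLANs on its vSwitch


def segment(pg):
    """Key a port group by VLAN ID, or by vSwitch when it is untagged (VLAN 0)."""
    return ("vswitch", pg["vswitch"]) if pg["vlan"] == 0 else ("vlan", pg["vlan"])


def iscsi_findings(port_groups):
    """Return [(iscsi_port_group, [port groups sharing its segment]), ...]."""
    by_segment = defaultdict(list)
    for pg in port_groups:
        by_segment[segment(pg)].append(pg)

    findings = []
    for pg in port_groups:
        if pg["role"] != "iscsi":
            continue
        # Non-iSCSI port groups on the same VLAN (or same untagged vSwitch).
        sharers = {o["name"] for o in by_segment[segment(pg)] if o["role"] != "iscsi"}
        # Trunked VM port groups on the same vSwitch can also reach the iSCSI VLAN.
        sharers |= {o["name"] for o in port_groups
                    if o["role"] == "vm" and o["vlan"] == TRUNK_VLAN
                    and o["vswitch"] == pg["vswitch"]}
        if sharers:
            findings.append((pg["name"], sorted(sharers)))
    return findings


if __name__ == "__main__":
    for name, shared_with in iscsi_findings(PORT_GROUPS):
        print(f"FINDING: {name} is not dedicated; shared with {', '.join(shared_with)}")
```

An untagged iSCSI port group that passes this comparison still needs its physical uplinks confirmed as a separate network segment, which the inventory alone cannot show.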