VI Client sessions with VirtualCenter are unencrypted.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-15872	ESX0730	SV-16813r1_rule		Medium

Description
User sessions with VirtualCenter should be encrypted since transmitting data in plaintext may be viewed as it travels through the network. User sessions may be initiated from the VI client and VI Web Access. To encrypt session data, the sending component, such as a gateway or redirector, applies ciphers to alter the data before transmitting it. The receiving component uses a key to decrypt the data, returning it to its original form. To ensure the protection of the data transmitted to and from external network connections, all VI client and web access sessions with VirtualCenter will be encrypted with a FIPS 140-2 encryption algorithm.

Description

User sessions with VirtualCenter should be encrypted since transmitting data in plaintext may be viewed as it travels through the network. User sessions may be initiated from the VI client and VI Web Access. To encrypt session data, the sending component, such as a gateway or redirector, applies ciphers to alter the data before transmitting it. The receiving component uses a key to decrypt the data, returning it to its original form. To ensure the protection of the data transmitted to and from external network connections, all VI client and web access sessions with VirtualCenter will be encrypted with a FIPS 140-2 encryption algorithm.

STIG	Date
VMware ESX 3 Virtual Center	2016-05-03

Details

Check Text ( C-16229r1_chk )
1. On the VirtualCenter Server go to Start> Program Files>VMware>Infrastructure>Virtual Infrastructure Client>Launcher. 2. Open the VpxClient.exe.config file with Notepad. 3. Verify https:443 is configured. (appSettings) (add key = “protocolports” value = “https:443”/) (/appSettings) If this setting is not set, this is a finding.

Fix Text (F-15832r1_fix)
Encrypt all VI Client sessions to the VirtualCenter Server.