UCF STIG Viewer Logo

VI Client sessions with VirtualCenter are unencrypted.


Overview

Finding ID Version Rule ID IA Controls Severity
V-15872 ESX0730 SV-16813r1_rule Medium
Description
User sessions with VirtualCenter should be encrypted since transmitting data in plaintext may be viewed as it travels through the network. User sessions may be initiated from the VI client and VI Web Access. To encrypt session data, the sending component, such as a gateway or redirector, applies ciphers to alter the data before transmitting it. The receiving component uses a key to decrypt the data, returning it to its original form. To ensure the protection of the data transmitted to and from external network connections, all VI client and web access sessions with VirtualCenter will be encrypted with a FIPS 140-2 encryption algorithm.
STIG Date
VMware ESX 3 Virtual Center 2016-05-03

Details

Check Text ( C-16229r1_chk )
1. On the VirtualCenter Server go to Start> Program Files>VMware>Infrastructure>Virtual Infrastructure Client>Launcher.
2. Open the VpxClient.exe.config file with Notepad.
3. Verify https:443 is configured.
(appSettings)
(add key = “protocolports” value = “https:443”/)
(/appSettings)

If this setting is not set, this is a finding.
Fix Text (F-15832r1_fix)
Encrypt all VI Client sessions to the VirtualCenter Server.