Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
VI Web Access sessions with VirtualCenter are unencrypted.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-15873 | ESX0740 | SV-16814r1_rule | ECCT-1 ECCT-2 | Medium |
| Description |
|---|
| User sessions with VirtualCenter should be encrypted since transmitting data in plaintext may be viewed as it travels through the network. User sessions may be initiated from the VI client and VI Web Access. To encrypt session data, the sending component, such as a gateway or redirector, applies ciphers to alter the data before transmitting it. The receiving component uses a key to decrypt the data, returning it to its original form. To ensure the protection of the data transmitted to and from external network connections, all VI client and web access sessions with VirtualCenter will be encrypted with a FIPS 140-2 encryption algorithm. |
| STIG | Date |
|---|---|
| VMware ESX 3 Virtual Center | 2016-05-03 |
Details
| Check Text ( C-16230r1_chk ) |
|---|
| 1. Login to VirtualCenter through the VI Client. 2. Select an ESX Server host from the inventory panel. 3. Select the configuration tab. 4. Select advanced settings in the software section. 5. Verify the “Config.Defaults.security.host.ruissl” is checked. This requires SSL to be used when communicating with the host over 902. If this is not checked, this is a finding. |
| Fix Text (F-15833r1_fix) |
|---|
| Encrypt all VI Web Access sessions with VirtualCenter. |