
The IPv6 protocol handler must not be bound to the network stack unless needed.


Overview

Finding ID: V-39431
Version: GEN007700-ESXI5-000116
Rule ID: SV-51289r1_rule
IA Controls: (none listed)
Severity: Medium
Description
IPv6 is the next version of the Internet protocol. Binding this protocol to the network stack increases the attack surface of the host.
STIG: VMware ESXi Server 5.0 Security Technical Implementation Guide
Date: 2013-09-12

Details

Check Text (C-46705r1_chk)
If the system uses IPv6, this is not applicable.

By default, IPv6 is disabled for the management VMkernel port.

To check IPv6 on VMware ESXi, from the vSphere Client/vCenter Server Home page, click Datacenter, Hosts and Clusters.
Select the host and click the Configuration tab.
Click the Networking link under Hardware.
In the vSphere Standard Switch view, click the Properties link.
Verify that IPv6 support on this host is disabled and click Cancel.

If IPv6 support is enabled and the system does not use IPv6, this is a finding.
Fix Text (F-44444r1_fix)
By default, IPv6 is disabled for the management VMkernel port.

To disable IPv6 on VMware ESXi, from the vSphere Client/vCenter Server Home page, click Datacenter, Hosts and Clusters.
Select the host and click the Configuration tab.
Click the Networking link under Hardware.
In the vSphere Standard Switch view, click the Properties link.
Select Disable IPv6 support on this host and click OK.
Reboot the host.