Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
GEN003611-ESXI5-PNF | GEN003611-ESXI5-PNF | GEN003611-ESXI5-PNF_rule | Low |
Description |
---|
Martian packets are packets containing addresses known by the system to be invalid. Logging these messages allows the SA to identify misconfigurations or attacks in progress. Permanent not a finding. Martian packets are attacks meant for an IP network router. ESXi is not a router. - The vSphere management network provides access to the vSphere management interface on each component. Services running on the management interface provide an opportunity for an attacker to gain privileged access to the systems. Any remote attack most likely would begin with gaining entry to this network. The vSphere management port group should be in a dedicated VLAN on a common vSwitch. The vSwitch can be shared with production (virtual machine) traffic, as long as the vSphere management port group's VLAN is not used by production virtual machines. Check that the network segment is not routed, except possibly to networks where other management-related entities are found. Production virtual machine traffic must not be routed to this network. |
STIG | Date |
---|---|
VMware ESXi v5 Security Technical Implementation Guide | 2013-01-15 |
Check Text ( C-GEN003611-ESXI5-PNF_chk ) |
---|
ESXi supports this requirement and cannot be configured to be out of compliance. This is a permanent not a finding. |
Fix Text (F-GEN003611-ESXI5-PNF_fix) |
---|
This requirement is permanent not a finding. No fix is required. |