The operating system must restrict the ability of users to launch Denial of Service attacks against other information systems or networks.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
SRG-OS-000141-ESXI5-PNF	SRG-OS-000141-ESXI5-PNF	SRG-OS-000141-ESXI5-PNF_rule		Medium

Description
When it comes to Denial of Service attacks (DoS), most of the attention is paid to ensuring the systems and applications are not victims of these attacks. While it is true those accountable for systems want to ensure they are not affected by a DoS attack, they also need to ensure their systems are not used to launch such an attack against others. To that extent, a variety of technologies exist to limit, or in some cases, eliminate the effects of DoS attacks. Applicable, but permanent not-a-finding - No users in the sense of a GP OS. root is the only user local to the host. All other accounts are required to be AD accounts (addressed in the VMware HG).

Description

When it comes to Denial of Service attacks (DoS), most of the attention is paid to ensuring the systems and applications are not victims of these attacks. While it is true those accountable for systems want to ensure they are not affected by a DoS attack, they also need to ensure their systems are not used to launch such an attack against others. To that extent, a variety of technologies exist to limit, or in some cases, eliminate the effects of DoS attacks. Applicable, but permanent not-a-finding - No users in the sense of a GP OS. root is the only user local to the host. All other accounts are required to be AD accounts (addressed in the VMware HG).

STIG	Date
VMware ESXi v5 Security Technical Implementation Guide	2013-01-15

Details

Check Text ( C-SRG-OS-000141-ESXI5-PNF_chk )
ESXi supports this requirement and cannot be configured to be out of compliance. This is a permanent not a finding.

Fix Text (F-SRG-OS-000141-ESXI5-PNF_fix)
This requirement is permanent not a finding. No fix is required.