Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-69127 | VNSX-RT-000005 | SV-83731r1_rule | | Medium |
Description |
---|
An inactive interface is rarely monitored or controlled and may expose a network to an undetected attack on that interface. Unauthorized personnel with access to the communication facility could gain access to a router by connecting to a configured interface that is not in use. |
STIG | Date |
---|---|
VMware NSX Distributed Logical Router Security Technical Implementation Guide | 2016-06-27 |
Check Text (C-69567r1_chk) |
---|
Verify there are no inactive router interfaces enabled. Log on to vSphere Web Client with credentials authorized for administration. Navigate to and select Networking and Security >> "NSX Edges" tab on the left-side menu. Double-click the EdgeID. Click the "Manage" tab at the top of the new screen, then Settings on the far left >> Interfaces, and check the "Status" column for the associated interface. If any inactive router interfaces are not disabled, this is a finding. |
Fix Text (F-75313r1_fix) |
---|
Log on to vSphere Web Client with credentials authorized for administration. Navigate to and select Networking and Security >> "NSX Edges" tab on the left-side menu. Double-click the EdgeID. Click the "Manage" tab at the top of the new screen, then Settings on the far left >> Interfaces. For interfaces that are not in use, highlight the interface and click the pencil icon. Move the radio button next to "Connectivity Status" to "Disconnected". |