The system must block access to ports not being used by vCenter.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| VCENTER-000004 | VCENTER-000004 | VCENTER-000004_rule | High |
| Description |
|---|
| Militate against general attacks on the Windows system by blocking unneeded ports. A local firewall on the Windows system of vCenter, or a network firewall, can be used to block access to ports not specifically being used by vCenter. |
| STIG | Date |
|---|---|
| VMware vCenter Server Security Technical Implementation Guide | 2013-01-15 |
Details
| Check Text ( C-VCENTER-000004_chk ) |
|---|
| This check is both site and installation specific. Ask the SA for a list of all unblocked ports on the vCenter Server's Window system. Verify all unblocked ports are necessary and used. Example: a partial list of examples of where ports might be blocked: (636/TCP) if the vCenter will not be part of a linked-mode vCenter group; (1521/TCP) if the vCenter DB is not Oracle. If there are any unused, unblocked ports on the vCenter Server's Window system, this is a finding. |
| Fix Text (F-VCENTER-000004_fix) |
|---|
| Determine what site-specific ports are required to support the Window system hosting the vCenter Server application. Determine the installation-specific ports that are required to support the vCenter Server application. Block all ports that are not required by either the Windows system and/or the vCenter Server. |