Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
VCENTER-000004 | VCENTER-000004 | VCENTER-000004_rule | | High |
Description |
---|
Mitigate general attacks on the Windows system by blocking unneeded ports. A local firewall on the Windows system of vCenter, or a network firewall, can be used to block access to ports not specifically being used by vCenter. |
STIG | Date |
---|---|
VMware vCenter Server Security Technical Implementation Guide | 2013-01-15 |
Check Text (C-VCENTER-000004_chk) |
---|
This check is both site and installation specific. Ask the SA for a list of all unblocked ports on the vCenter Server's Windows system. Verify all unblocked ports are necessary and used. Examples of ports that might be blocked (partial list): 636/TCP if the vCenter will not be part of a linked-mode vCenter group; 1521/TCP if the vCenter DB is not Oracle. If there are any unused, unblocked ports on the vCenter Server's Windows system, this is a finding. |
Fix Text (F-VCENTER-000004_fix) |
---|
Determine which site-specific ports are required to support the Windows system hosting the vCenter Server application. Determine the installation-specific ports that are required to support the vCenter Server application. Block all ports that are not required by the Windows system or the vCenter Server. |
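
One way to run the comparison the check text describes, as an added example that is not part of the STIG: it flags every unblocked port that is either not on the required list or has nothing listening on it. The `netstat -ano` excerpt, the unblocked list, the site port list and all function names are constructed for illustration; only the 636/TCP and 1521/TCP conditions come from the check text.

```python
import re

# Constructed `netstat -ano` excerpt; not captured from a real vCenter host.
SAMPLE_NETSTAT = """\
  Proto  Local Address      Foreign Address    State        PID
  TCP    0.0.0.0:443        0.0.0.0:0          LISTENING    2140
  TCP    0.0.0.0:3389       0.0.0.0:0          LISTENING    1088
  TCP    127.0.0.1:8005     0.0.0.0:0          LISTENING    2140
  TCP    10.0.0.5:443       10.0.0.9:51512     ESTABLISHED  2140
  TCP    [::]:443           [::]:0             LISTENING    2140
  UDP    0.0.0.0:161        *:*                             1520
"""
ROW = re.compile(r"\s*(TCP|UDP)\s+(\S+):(\d+)\s+\S+\s*(\S*)")

def listening_ports(netstat_text):
    """Return {(port, proto)} bound on a non-loopback address."""
    found = set()
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header or blank line
        proto, addr, port, state = m.groups()
        if addr.startswith(("127.", "[::1]")):
            continue  # loopback-only listeners are not reachable remotely
        if proto == "UDP" or state == "LISTENING":  # UDP rows have no state
            found.add((int(port), proto))
    return found

def required_ports(site_ports, linked_mode, oracle_db):
    """Site list plus the two conditional ports the check text names."""
    req = set(site_ports)
    if linked_mode:
        req.add((636, "TCP"))   # only needed in a linked-mode vCenter group
    if oracle_db:
        req.add((1521, "TCP"))  # only needed when the vCenter DB is Oracle
    return req

def audit(unblocked, required, listening):
    """Return sorted (port, proto, reason) for each unblocked port that is a finding."""
    findings = []
    for entry in sorted(unblocked):
        if entry not in required:
            findings.append(entry + ("not required",))
        elif entry not in listening:
            findings.append(entry + ("required but unused",))
    return findings

# Constructed inputs: the SA's unblocked-port list and the site's required list.
UNBLOCKED = {(443, "TCP"), (3389, "TCP"), (8443, "TCP"), (636, "TCP"), (1521, "TCP"), (161, "UDP")}
SITE_PORTS = {(443, "TCP"), (3389, "TCP"), (8443, "TCP")}
```

Call `audit(UNBLOCKED, required_ports(SITE_PORTS, linked_mode=False, oracle_db=False), listening_ports(SAMPLE_NETSTAT))` to get the findings for the sample host.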