
The system must block access to ports not being used by vCenter.


Overview

Finding ID: VCENTER-000004
Version: VCENTER-000004
Rule ID: VCENTER-000004_rule
IA Controls:
Severity: High
Description
Militate against general attacks on the Windows system by blocking unneeded ports. A local firewall on the Windows system of vCenter, or a network firewall, can be used to block access to ports not specifically being used by vCenter.
STIG: VMware vCenter Server Security Technical Implementation Guide
Date: 2013-01-15

Details

Check Text (C-VCENTER-000004_chk)
This check is both site and installation specific.

Ask the SA for a list of all unblocked ports on the vCenter Server's Windows system. Verify that every unblocked port is necessary and actually in use. Examples of ports that might be blocked: 636/TCP if the vCenter will not be part of a linked-mode vCenter group; 1521/TCP if the vCenter database is not Oracle.

If there are any unused, unblocked ports on the vCenter Server's Windows system, this is a finding.
Fix Text (F-VCENTER-000004_fix)
Determine the site-specific ports required to support the Windows system hosting the vCenter Server application. Determine the installation-specific ports required to support the vCenter Server application itself. Block every port that is not required by either the Windows system or the vCenter Server.
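The check and fix above are a manual procedure. The following PowerShell script is an added example, not part of the STIG or of any VMware tooling, of how an administrator could carry it out on the vCenter Server's Windows host: it enumerates listening TCP ports with their owning process, compares them against an approved list, reports any reachable listener that is not approved (the check), and with -Enforce sets the Windows Firewall to default-deny inbound with explicit allow rules for the approved ports (the fix). The baseline port list is a placeholder to be replaced by the SA-provided list; the -LinkedMode and -OracleDb switches encode the two conditional examples from the check text (636/TCP and 1521/TCP). It uses the built-in NetTCPIP and NetSecurity cmdlets (Windows Server 2012 or later) and assumes an elevated session.

```powershell
<#
Added example, not part of the STIG text. Audits a vCenter Server Windows host
for listening TCP ports that are outside the site/installation approved list
(the VCENTER-000004 check) and, with -Enforce, applies a default-deny inbound
policy with explicit allow rules for the approved ports (the fix). Uses the
built-in NetTCPIP and NetSecurity modules (Windows Server 2012 or later) in an
elevated session. Only TCP is covered; UDP would need the same treatment.
#>
param(
    # Site-specific baseline. PLACEHOLDER: replace with the SA-provided list.
    [int[]]$BaselinePorts = @(),
    # Installation-specific conditions taken from the check text.
    [switch]$LinkedMode,   # 636/TCP is only needed for a linked-mode vCenter group
    [switch]$OracleDb,     # 1521/TCP is only needed if the vCenter DB is Oracle
    [switch]$Enforce       # apply firewall changes instead of only reporting
)

# Approved set = baseline plus the conditionally required ports.
$approved = [System.Collections.Generic.HashSet[int]]::new()
foreach ($p in $BaselinePorts) { [void]$approved.Add($p) }
if ($LinkedMode) { [void]$approved.Add(636) }
if ($OracleDb)   { [void]$approved.Add(1521) }

# Ports opened by enabled inbound TCP allow rules, with ranges such as 49152-65535 expanded.
function Get-FirewallAllowedTcpPorts {
    $open = [System.Collections.Generic.HashSet[int]]::new()
    $anyPort = $false
    foreach ($rule in Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True) {
        $filter = $rule | Get-NetFirewallPortFilter
        if ($filter.Protocol -notin 'TCP', 'Any') { continue }
        foreach ($lp in @($filter.LocalPort)) {
            if ($lp -eq 'Any') { $anyPort = $true }
            elseif ($lp -match '^(\d+)-(\d+)$') {
                $lo = [int]$matches[1]; $hi = [int]$matches[2]
                foreach ($n in $lo..$hi) { [void]$open.Add($n) }
            }
            elseif ($lp -match '^\d+$') { [void]$open.Add([int]$lp) }
        }
    }
    [pscustomobject]@{ Ports = $open; AnyPort = $anyPort }
}

# Listening sockets with their owning process, so each port can be justified by the SA.
function Get-ListeningTcpPorts {
    Get-NetTCPConnection -State Listen |
        Sort-Object LocalPort, OwningProcess -Unique |
        ForEach-Object {
            $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Port    = [int]$_.LocalPort
                Process = if ($proc) { $proc.ProcessName } else { 'unknown' }
            }
        }
}

# A profile that is off, or that allows inbound by default, exposes every listener
# regardless of individual rules, so treat it as "everything reachable".
$weakProfiles = @(Get-NetFirewallProfile |
    Where-Object { -not $_.Enabled -or $_.DefaultInboundAction -eq 'Allow' })
$fw = Get-FirewallAllowedTcpPorts

$findings = foreach ($l in Get-ListeningTcpPorts) {
    $reachable = ($weakProfiles.Count -gt 0) -or $fw.AnyPort -or $fw.Ports.Contains($l.Port)
    if ($reachable -and -not $approved.Contains($l.Port)) { $l }
}

if ($findings) {
    Write-Warning "Finding: $(@($findings).Count) listening TCP port(s) reachable but not approved."
    $findings | Format-Table -AutoSize
} else {
    Write-Output 'No unapproved, reachable TCP listeners found.'
}

if ($Enforce) {
    # Default-deny inbound on every profile, then explicit allows for the approved ports.
    Set-NetFirewallProfile -Profile Domain, Private, Public -Enabled True -DefaultInboundAction Block
    foreach ($port in $approved) {
        $name = "vCenter-STIG-Allow-TCP-$port"
        if (-not (Get-NetFirewallRule -Name $name -ErrorAction SilentlyContinue)) {
            New-NetFirewallRule -Name $name -DisplayName $name -Direction Inbound `
                -Protocol TCP -LocalPort $port -Action Allow | Out-Null
        }
    }
}
```

Run it first without -Enforce and review the report with the SA: a listener that is reachable and not on the list is either missing from the approved list (update the baseline) or genuinely unneeded (stop the service and leave it blocked). Only then apply -Enforce, and keep in mind the STIG also accepts a network firewall in front of the host in place of, or in addition to, the local one.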