Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
VCENTER-000027 | VCENTER-000027 | VCENTER-000027_rule | Medium |
Description |
---|
An inactivity timeout must be set for the vSphere Client (Thick Client). This client-side setting can be changed by users, so this must be set by default and re-audited. Automatic session termination minimizes risk and reduces the potential for unauthorized access to vCenter. |
STIG | Date |
---|---|
VMware vCenter Server Security Technical Implementation Guide | 2013-01-15 |
Check Text ( C-VCENTER-000027_chk ) |
---|
On each Windows computer with the vSphere Client installed, verify: A 15 minute (maximum) timeout is set in the VpxClient.exe.config file: Locate the VpxClient.exe.config file using the Windows OS search facility. Next, right click on VpxClient.exe.config and edit the file using an editor, such as Notepad. In the Verify the timeout that the vSphere Client executable is started with is an execution flag: Locate the vSphere Client executable icon on the desktop, right click, and select properties. Verify the presence of "-inactivityTimeout 15" in the command. If either of the above methods are invoked and the timeout interval exceeds 15 minutes, this is a finding. |
Fix Text (F-VCENTER-000027_fix) |
---|
On each Windows computer with the vSphere Client installed: Set a 15 minute (maximum) timeout in the VpxClient.exe.config file: Locate the VpxClient.exe.config file using the Windows OS search facility. Next, right click on VpxClient.exe.config and edit the file using an editor, such as Notepad. In the Set a 15 minute (maximum) timeout execution flag when starting the vSphere Client executable: Locate the vSphere Client executable icon on the desktop, right click, and select properties. Add "-inactivityTimeout X", where X is the (maximum=15) number of minutes before the vSphere Client will automatically disconnect from the server. |