Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The connectivity between Update Manager and public patch repositories must be limited.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| VCENTER-000033 | VCENTER-000033 | VCENTER-000033_rule | Medium |
| Description |
|---|
| In a typical deployment, the Update Manager connects to public patch repositories on the Internet to download patches. This connection must be limited as much as possible to prevent access from the outside to the Update Manager system. Any channel to the Internet represents a threat. |
| STIG | Date |
|---|---|
| VMware vCenter Server Security Technical Implementation Guide | 2013-01-15 |
Details
| Check Text ( C-VCENTER-000033_chk ) |
|---|
| Verify there is a Web proxy between Update Manager and the Internet. Check the proxy settings for Update Manager to ensure correct configuration. To verify proxy settings, from the vSphere Client/vCenter Server system, click Update Manager under Solutions and Applications. On the Configuration tab, under Settings, click Download Settings. In the Proxy Settings pane, select properties and view the proxy information. If a web proxy between Update Manager and the Internet is not configured, this is a finding. |
| Fix Text (F-VCENTER-000033_fix) |
|---|
| To configure proxy settings, from the vSphere Client/vCenter Server system, click Update Manager under Solutions and Applications. On the Configuration tab, under Settings, click Download Settings. In the Proxy Settings pane, select Use proxy and change the proxy information. Optional: If the proxy requires authentication, select Proxy requires authentication and provide a user name and password. Optional: Click Test Connection at any time to test a connection to the Internet through the proxy is possible. Click Apply. |