Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-258965 | VCSA-80-000300 | SV-258965r961863_rule | Medium |
Description |
---|
The vSphere Distributed Virtual Switch can enable port mirroring sessions allowing traffic to be mirrored from one source to a destination. If port mirroring is configured unknowingly this could allow an attacker to observe network traffic of virtual machines. |
STIG | Date |
---|---|
VMware vSphere 8.0 vCenter Security Technical Implementation Guide | 2024-07-11 |
Check Text ( C-62705r934551_chk ) |
---|
If distributed switches are not used, this is not applicable. From the vSphere Client, go to "Networking". Select a distributed switch >> Configure >> Settings >> Port Mirroring. Review any configured "Port Mirroring" sessions. or From a PowerCLI command prompt while connected to the vCenter server, run the following command: Get-VDSwitch | select Name,@{N="Port Mirroring Sessions";E={$_.ExtensionData.Config.VspanSession.Name}} If there are any unauthorized port mirroring sessions configured, this is a finding. |
Fix Text (F-62614r934552_fix) |
---|
From the vSphere Client, go to "Networking". Select a distributed switch >> Configure >> Settings >> Port Mirroring. Select the unauthorized "Port Mirroring" session and click "Remove". Click "OK". |