The system must not use the IPv6 network stack unless needed.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-63307 | ESXI-06-000069 | SV-77797r1_rule | Medium |
| Description |
|---|
| IPv6 is the next version of the Internet protocol. Binding this protocol to the network stack increases the attack surface of the host. |
| STIG | Date |
|---|---|
| VMware vSphere ESXi 6.0 Security Technical Implementation Guide | 2016-06-07 |
Details
| Check Text ( C-64041r1_chk ) |
|---|
| From the vSphere Client select the ESXi Host and go to Configuration >> Networking >> Properties. Verify IPv6 is not enabled. or From a PowerCLI command prompt while connected to the ESXi host run the following command: Get-VMHost | Get-VMHostNetwork | Select VMHost,IPv6Enabled If IPv6 is enabled and not in use, this is a finding. |
| Fix Text (F-69225r1_fix) |
|---|
| From the vSphere Client select the ESXi Host and go to Configuration >> Networking >> Properties. Uncheck IPv6 and reboot the host. or From a PowerCLI command prompt while connected to the ESXi host run the following command: Get-VMHost | Get-VMHostNetwork | Set-VMHostNetwork -IPv6Enabled $false |