
The system must protect the confidentiality and integrity of transmitted information by utilizing different TCP/IP stacks where possible.


Overview

Finding ID: V-63273
Version: ESXI-06-000052
Rule ID: SV-77763r1_rule
IA Controls:
Severity: Low
Description
ESXi now provides three TCP/IP stacks by default: Default, Provisioning, and vMotion. To better protect and isolate sensitive network traffic within ESXi, admins must configure each of these stacks. Additional custom TCP/IP stacks can be created if desired.
STIG: VMware vSphere ESXi 6.0 Security Technical Implementation Guide
Date: 2019-01-04

Details

Check Text (C-64007r1_chk)
From the vSphere Web Client select the ESXi Host and go to Manage >> Networking >> TCP/IP configuration. Review the default system TCP/IP stacks and verify they are configured with the appropriate IP address information.

If any system TCP/IP stack is configured and not in use by a VMkernel adapter, this is a finding.
Fix Text (F-69191r1_fix)
From the vSphere Web Client select the ESXi Host and go to Manage >> Networking >> TCP/IP configuration >> Select a TCP/IP stack >> Click Edit >> Enter the appropriate site-specific IP address information for the particular TCP/IP stack and click OK.
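
The Check Text above can be supported offline with text captured from the ESXi shell. The following is an added example, not part of the STIG: it cross-references `esxcli network ip netstack list` against `esxcli network ip interface list` and reports stacks that no VMkernel adapter is bound to. The sample output is constructed and its layout (unindented record name, indented "Field: value" lines) is an assumption; a reported stack is a candidate for review, and whether it is a finding still depends on whether that stack is configured.

```python
# Added example (not STIG content): flag TCP/IP stacks that no VMkernel adapter uses.
# Inputs mimic `esxcli network ip netstack list` / `interface list`; samples are constructed.
NETSTACKS = """\
defaultTcpipStack
   Key: defaultTcpipStack
   Name: defaultTcpipStack

vmotion
   Key: vmotion
   Name: vmotion

vSphereProvisioning
   Key: vSphereProvisioning
   Name: vSphereProvisioning
"""
INTERFACES = """\
vmk0
   Name: vmk0
   MAC Address: 00:50:56:00:00:01
   Portgroup: Management Network
   Netstack Instance: defaultTcpipStack

vmk1
   Name: vmk1
   Portgroup: vMotion
   Netstack Instance: vmotion
"""

def parse_records(text):
    """Return {record_name: {field: value}} from esxcli's indented text output."""
    records, current = {}, None
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():      # an unindented line starts a new record
            current = records.setdefault(line.strip(), {})
        elif current is not None and ":" in line:
            field, value = line.split(":", 1)   # values may contain ':' (MAC)
            current[field.strip()] = value.strip()
    return records

def unused_stacks(netstack_text, interface_text):
    """Keys of stacks that no VMkernel adapter is bound to, sorted."""
    stacks = {rec.get("Key", name) for name, rec in parse_records(netstack_text).items()}
    in_use = {rec.get("Netstack Instance") for rec in parse_records(interface_text).values()}
    return sorted(stacks - in_use)

if __name__ == "__main__":
    for key in unused_stacks(NETSTACKS, INTERFACES):
        print(f"review: TCP/IP stack '{key}' has no VMkernel adapter")
```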