Details

Quality of Service limits can mitigate denial of service attacks and ensure management access to the host. Though this can also be set with vSwitch, that method is deprecated in 6.2 and will not be available in the future.

Solution

For each VM guest interface (vif) set the quality of service algorithm and parameters, then unplug and replug the vif. To do so run the following commands:
xe vif-param-set uuid= qos_algorithm_type=ratelimit
xe vif-param-set uuid= qos_algorithm_params_kbps=100
xe vif-unplug uuid=; xe vif-plug uuid=

This security hardening control applies to the following category of controls within NIST 800-53: System and Communications Protection.This control applies to the following type of system Unix.

References

• 800-53|SC-6

Source

• Tenable.com/audits