Details
Serial ports are interfaces for connecting peripherals to the VM. They are often used on physical systems to provide a direct, low-level connection to the console of a server. Virtual serial ports allow VMs to communicate with serial ports over networks. If virtual serial ports are needed, they should be configured to use secure protocols.
Rationale:
If virtual serial ports do not use secure protocols, the communications with those ports could be eavesdropped on, manipulated, or otherwise compromised, giving attackers sensitive information or control to unauthorized parties.
NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.
Solution
To configure all virtual serial ports to use secure protocols, change any protocols that are not secure to one of the following:
ssl – the equivalent of TCP+SSL
tcp+ssl – SSL over TCP over IPv4 or IPv6
tcp4+ssl – SSL over TCP over IPv4
tcp6+ssl – SSL over TCP over IPv6
telnets – telnet over SSL over TCP
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management.This control applies to the following type of system VMware.