Details
Serial ports are interfaces for connecting peripherals to the VM. They are often used on
physical systems to provide a direct, low-level connection to the console of a server. Virtual
serial ports allow VMs to communicate with serial ports over networks. If virtual serial
ports are needed, they should be configured to use secure protocols.
*Rationale*
If virtual serial ports do not use secure protocols, the communications with those ports
could be eavesdropped on, manipulated, or otherwise compromised, giving attackers
sensitive information or control to unauthorized parties.
NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.
Solution
To configure all virtual serial ports to use secure protocols, change any protocols that are
not secure to one of the following:
. tcp+ssl – SSL over TCP over IPv4 or IPv6
. tcp4+ssl – SSL over TCP over IPv4
. tcp6+ssl – SSL over TCP over IPv6
. telnet over TCP with SSL
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: System and Communications Protection.This control applies to the following type of system VMware.