Details
http://pubs.vmware.com/vsphere-51/topic/com.vmware.wssdk.apiref.doc/vim.host.NetworkPolicy.SecurityPolicy.html
Solution
1. Configure by using the vSphere Client to connect to the vCenter Server and logging in as an administrator.
2. Go to ‘Home > Inventory > Networking’.
3. Select each dvPortgroup connected to active VMs requiring securing.
4. Go to tab ‘Summary > Edit Settings > Policies > Security’.
5. Set ‘Mac Address Changes’ = ‘Reject’
Impact-This will prevent VMs from changing their effective MAC address. It will affect applications
that require this functionality. An example of an application like this is Microsoft Clustering,
which requires systems to effectively share a MAC address. This will also affect how a layer
2 bridge will operate. This will also affect applications that require a specific MAC address
for licensing. An exception should be made for the dvPortgroups that these applications are
connected to.
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: System and Communications Protection.This control applies to the following type of system VMware.