ESXI-67-000052 – The ESXi host must protect the confidentiality and integrity of transmitted information by using different TCP/IP stacks where possible.

Details

Three different TCP/IP stacks are available by default on ESXi: Default, Provisioning, and vMotion.

To better protect and isolate sensitive network traffic within ESXi, administrators must configure each of these stacks. Additional custom TCP/IP stacks can be created if desired.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

From the vSphere Client, select the ESXi host and go to Configure >> Networking >> TCP/IP configuration.

Select a TCP/IP stack and click ‘Edit’.

Enter the appropriate site-specific IP address information for the particular TCP/IP stack and click ‘OK’.

Supportive Information

The following resource is also helpful.

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_VMW_vSphere_6-7_STIG.zip

This security hardening control applies to the following category of controls within NIST 800-53: System and Communications Protection.This control applies to the following type of system VMware.

References

800-53|SC-8
CAT|III
CCI|CCI-002418
Rule-ID|SV-239306r674847_rule
STIG-ID|ESXI-67-000052
STIG-Legacy|SV-104137
STIG-Legacy|V-94051
Vuln-ID|V-239306

Source

Tenable.com/audits

Updated on July 16, 2022

Was this article helpful?

Yes No

Details

Solution

Supportive Information

References

Source

Related Articles