
VCENTER-000033 – The Update Manager Download Server must be isolated from direct connection to Internet public patch repositories by a proxy server.

Details

In a typical deployment, the Update Manager Download Server connects to public patch repositories on the Internet to download patches. This connection must be restricted as much as possible to prevent access from the outside to the Update Manager Download Server. Any direct channel to the Internet represents a threat.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

If the Update Manager Download Server does not connect to the Internet to source vendor patches, no fix is required.

To configure proxy settings, from the vSphere Client/vCenter Server system, click Update Manager under Solutions and Applications.

On the Configuration tab, under Settings, click Download Settings. In the Proxy Settings pane, select Use proxy and change the proxy information. Optional: If the proxy requires authentication, select Proxy requires authentication and provide a user name and password. Optional: Click Test Connection at any time to test that a connection to the Internet through the proxy is possible. Click Apply.

Supportive Information

The following resource is also helpful.

This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management. This control applies to the following type of system: VMware.

References

Source

Updated on July 16, 2022