VCENTER-000034 – The Update Manager must not directly connect to public patch repositories on the Internet.

Details

In a typical deployment, the Update Manager connects to public patch repositories on the Internet to download patches. Any channel to the Internet represents a threat. For security reasons and deployment restrictions, the Update Manager must be installed in a secured network that is disconnected from the Internet.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

Configure a Web server or local disk repository as the download source; ‘Direct connection to Internet’ must not be selected as the source. From the vSphere Client/vCenter Server system, click Update Manager under Solutions and Applications. On the Configuration tab, under Settings, click Download Settings. In the Download Sources pane, select Use a shared repository. Enter the path or the URL to the shared repository. Click Validate URL to validate the path. Click Apply.

Supportive Information

This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management. This control applies to the following type of system: VMware.

Updated on July 16, 2022