VCUI-67-000016 – vSphere UI directory tree must have permissions in an ‘out-of-the-box’ state. Details As a rule, accounts on a web server are to be kept to a minimum. Only administrators, web managers,...
VCUI-67-000001 – vSphere UI must limit the amount of time that each TCP connection is kept alive. Details Denial of service (DoS) is one threat against web servers. Many DoS attacks attempt to consume web server resources...
VCUI-67-000017 – vSphere UI must fail to a known safe state if system initialization fails, shutdown fails, or aborts fail. Details Determining a safe state for failure and weighing that against a potential denial of service for users depends on...
VCUI-67-000002 – vSphere UI must limit the number of concurrent connections permitted. Details Resource exhaustion can occur when an unlimited number of concurrent requests are allowed on a website, facilitating a denial-of-service...
VCUI-67-000018 – vSphere UI must limit the number of allowed connections. Details Limiting the number of established connections is a basic denial-of-service protection and a best practice. Servers where the limit...
VCUI-67-000003 – vSphere UI must limit the maximum size of a POST request. Details The ‘maxPostSize’ value is the maximum size in bytes of the POST that will be handled by the container...
VCUI-67-000004 – vSphere UI must protect cookies from XSS. Details Cookies are a common way to save session state over the HTTP(S) protocol. If an attacker can compromise session...
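The vSphere UI is a Tomcat application, so the connection-timeout, concurrency, backlog and POST-size controls in VCUI-67-000001, -000002, -000018 and -000003 above, and the HttpOnly cookie control in VCUI-67-000004, all come down to attributes in its server.xml and context.xml. The following audit script is an added example, not VMware's or the STIG's own tooling: the two server.xml fragments and the context.xml fragments are constructed samples, and the numeric bounds in LIMITS are illustrative assumptions (the authoritative values are in the STIG check text, which this listing truncates). It treats an absent attribute, a non-integer, and the Tomcat "unlimited" value -1 as findings, not only a value above the bound.

```python
"""Audit a Tomcat server.xml / context.xml for the connector and session-
cookie settings behind VCUI-67-000001, -000002, -000018, -000003 and
-000004. Added example, not VMware's or the STIG's own tooling; the bounds
in LIMITS are illustrative assumptions, not values taken from the page."""
import xml.etree.ElementTree as ET

# Constructed sample: first connector has no timeout, an oversized thread
# pool and no backlog cap; second connector allows an unlimited POST body.
WEAK_SERVER_XML = """<?xml version="1.0" encoding="UTF-8"?>
<Server port="-1" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="5090" protocol="HTTP/1.1" maxThreads="2000"/>
    <Connector port="5091" protocol="HTTP/1.1" connectionTimeout="20000"
               maxThreads="800" acceptCount="300" maxPostSize="-1"/>
    <Engine name="Catalina" defaultHost="localhost">
      <Host name="localhost" appBase="webapps"/>
    </Engine>
  </Service>
</Server>
"""

# Constructed sample: every limit stated explicitly and within bounds.
HARDENED_SERVER_XML = """<?xml version="1.0" encoding="UTF-8"?>
<Server port="-1" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="5090" protocol="HTTP/1.1" connectionTimeout="20000"
               maxThreads="800" acceptCount="300" maxPostSize="2097152"/>
    <Engine name="Catalina" defaultHost="localhost">
      <Host name="localhost" appBase="webapps"/>
    </Engine>
  </Service>
</Server>
"""

WEAK_CONTEXT_XML = '<Context><WatchedResource>WEB-INF/web.xml</WatchedResource></Context>'
HARDENED_CONTEXT_XML = ('<Context useHttpOnly="true">'
                        '<WatchedResource>WEB-INF/web.xml</WatchedResource></Context>')

# Assumed upper bounds (illustrative, not from the STIG text). Each attribute
# must be present, a positive integer, and no larger than the bound. Tomcat
# reads -1 as "unlimited" for connectionTimeout and maxPostSize, so any
# value <= 0 is reported as removing the limit.
LIMITS = {
    "connectionTimeout": 20000,   # ms an idle connection is kept (VCUI-67-000001)
    "maxThreads": 800,            # concurrent request threads (VCUI-67-000002)
    "acceptCount": 300,           # queued connections when threads are busy (VCUI-67-000018)
    "maxPostSize": 2097152,       # bytes of POST body the container parses (VCUI-67-000003)
}


def audit_server_xml(xml_text, limits=LIMITS):
    """Return one finding string per violated limit, per <Connector>."""
    findings = []
    root = ET.fromstring(xml_text)
    for conn in root.iter("Connector"):
        where = f"Connector port={conn.get('port', '?')}"
        for attr, bound in limits.items():
            raw = conn.get(attr)
            if raw is None:
                findings.append(f"{where}: {attr} not set, Tomcat default applies")
                continue
            try:
                value = int(raw)
            except ValueError:
                findings.append(f"{where}: {attr}={raw!r} is not an integer")
                continue
            if value <= 0:
                findings.append(f"{where}: {attr}={value} removes the limit")
            elif value > bound:
                findings.append(f"{where}: {attr}={value} exceeds {bound}")
    return findings


def audit_context_xml(xml_text):
    """VCUI-67-000004: session cookies must carry HttpOnly. Tomcat's default
    for useHttpOnly is already true, but this audit wants it stated
    explicitly so the setting is visible to inspection."""
    root = ET.fromstring(xml_text)
    if root.tag != "Context":
        return ["root element is not <Context>"]
    if root.get("useHttpOnly", "").strip().lower() != "true":
        return ['Context: useHttpOnly is not explicitly "true"']
    return []


if __name__ == "__main__":
    for label, text in (("weak", WEAK_SERVER_XML), ("hardened", HARDENED_SERVER_XML)):
        print(f"server.xml ({label}):")
        for finding in audit_server_xml(text) or ["no findings"]:
            print("  ", finding)
    for label, text in (("weak", WEAK_CONTEXT_XML), ("hardened", HARDENED_CONTEXT_XML)):
        print(f"context.xml ({label}):", audit_context_xml(text) or ["no findings"])
```

Run against the real files by replacing the constructed strings with `open(path).read()`; the weak sample produces five findings (four on the first connector, one for `maxPostSize="-1"` on the second) and the hardened one none.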
VCUI-67-000005 – vSphere UI must record user access in a format that enables monitoring of remote access. Details Remote access can be exploited by an attacker to compromise the server. By recording all remote access activities, it...
VCUI-67-000006 – vSphere UI must generate log records for system startup and shutdown. Details Logging must be started as soon as possible when a service starts and when a service is stopped. Many...
VCUI-67-000007 – vSphere UI log files must only be accessible by privileged users. Details Log data is essential in the investigation of events. If log data were to become compromised, competent forensic analysis...
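VCUI-67-000016 (directory tree left in its out-of-the-box permission state) and VCUI-67-000007 (log files readable only by privileged users) are both filesystem-permission checks over a tree. The script below is an added example, not VMware's or the STIG's own tooling: it walks a tree without following symlinks, reports any mode bit beyond a per-type ceiling, optionally strips those bits, and flags symlinks and unexpected owners. The 0640 file and 0750 directory ceilings, the expected owner, and the sample tree built under a temporary directory are illustrative assumptions; the authoritative modes are in the STIG check text, not on this page.

```python
"""Audit, and optionally tighten, the permissions of a service directory tree
and its log files (VCUI-67-000016, VCUI-67-000007). Added example, not
VMware's or the STIG's own tooling; the 0640/0750 ceilings and the sample
tree are illustrative assumptions. Assumes a POSIX filesystem."""
import os
import shutil
import stat
import tempfile


def excess_bits(mode, max_mode):
    """Permission bits set in st_mode `mode` that `max_mode` does not allow.
    Pure function so it can be checked without touching the filesystem."""
    return stat.S_IMODE(mode) & ~max_mode


def audit_tree(root, file_max=0o640, dir_max=0o750, owner_uid=None, fix=False):
    """Walk `root` with lstat (never following symlinks) and return findings.
    With fix=True, chmod away the excess bits; ownership is only reported."""
    findings = []
    paths = [root]
    for dirpath, dirnames, filenames in os.walk(root):
        paths.extend(os.path.join(dirpath, n) for n in dirnames + filenames)
    for path in paths:
        st = os.lstat(path)
        if stat.S_ISLNK(st.st_mode):
            # A symlink inside a log directory can redirect writes elsewhere.
            findings.append(f"{path}: symlink inside the tree")
            continue
        ceiling = dir_max if stat.S_ISDIR(st.st_mode) else file_max
        extra = excess_bits(st.st_mode, ceiling)
        if extra:
            findings.append(f"{path}: mode {stat.S_IMODE(st.st_mode):04o} exceeds "
                            f"{ceiling:04o} (extra bits {extra:04o})")
            if fix:
                os.chmod(path, stat.S_IMODE(st.st_mode) & ~extra)
        if owner_uid is not None and st.st_uid != owner_uid:
            findings.append(f"{path}: owned by uid {st.st_uid}, expected {owner_uid}")
    return findings


def demo():
    """Build a constructed tree with one world-writable log, audit with fix=True,
    then re-audit. Returns (findings_before, findings_after)."""
    base = tempfile.mkdtemp(prefix="vsphere-ui-demo-")   # created 0700
    try:
        logs = os.path.join(base, "logs")
        os.mkdir(logs)
        os.chmod(logs, 0o750)
        bad = os.path.join(logs, "vsphere-ui.log")        # constructed sample
        good = os.path.join(logs, "vsphere-ui.log.1")     # constructed sample
        for path in (bad, good):
            with open(path, "w") as fh:
                fh.write("constructed log line\n")
        os.chmod(bad, 0o666)    # group/world writable: the finding we expect
        os.chmod(good, 0o640)   # within the ceiling
        before = audit_tree(base, fix=True)
        after = audit_tree(base)
        return before, after
    finally:
        shutil.rmtree(base, ignore_errors=True)


if __name__ == "__main__":
    before, after = demo()
    print("before fix:", *before, sep="\n  ")
    print("after fix:", after or "no findings")
```

On the constructed tree the first pass reports `vsphere-ui.log` with extra bits 0026 and repairs it to 0640; the second pass is clean. Pass `owner_uid=pwd.getpwnam("vsphere-ui").pw_uid` (assumed account name) to also enforce ownership on a real host.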