
VMware vSphere 8.0 vCenter Appliance Management Interface (VAMI) Security Technical Implementation Guide

Rules, Groups, and Values defined within the XCCDF Benchmark

  • The vCenter VAMI service must implement HTTP Strict Transport Security (HSTS).

    HSTS instructs web browsers to only use secure connections for all future requests when communicating with a website. Doing so helps prevent SSL protocol attacks, SSL stripping, cookie hijacking, a...
    Rule Medium Severity
  • SRG-APP-000516-WSR-000174

    Group
  • SRG-APP-000516-WSR-000174

    Group
  • The vCenter VAMI service must protect against MIME sniffing.

    MIME sniffing was, and still is, a technique used by some web browsers to examine the content of a particular asset. This is done for the purpose of determining an asset's file format. This techniq...
    Rule Medium Severity
  • SRG-APP-000516-WSR-000174

    Group
  • The vCenter VAMI service must enable Content Security Policy.

    A Content Security Policy (CSP) requires careful tuning and precise definition of the policy. If enabled, CSP has significant impact on the way browsers render pages (e.g., inline JavaScript is dis...
    Rule Medium Severity
  • The vCenter VAMI service must limit the number of allowed simultaneous session requests.

    Denial of service (DoS) is one threat against web servers. Many DoS attacks attempt to consume web server resources in such a way that no more resources are available to satisfy legitimate requests...
    Rule Medium Severity
  • The vCenter VAMI service must produce log records containing sufficient information to establish what type of events occurred.

    Web server logging capability is critical for accurate forensic analysis. Without sufficient and accurate information, a correct replay of the events cannot be determined. Ascertaining the correct...
    Rule Medium Severity
  • The vCenter VAMI service must have Web Distributed Authoring (WebDAV) disabled.

    A web server can be installed with functionality that, by its nature, is not secure. WebDAV is an extension to the HTTP protocol that, when developed, was meant to allow users to create, change, an...
    Rule Medium Severity
  • The vCenter VAMI service must restrict the ability of users to launch denial-of-service (DoS) attacks against other information systems or networks.

    In UNIX and related computer operating systems, a file descriptor is an indicator used to access a file or other input/output resource, such as a pipe or network connection. File descriptors index ...
    Rule Medium Severity
