The ESXi host must protect the confidentiality and integrity of transmitted information by isolating IP-based storage traffic.
An XCCDF Rule
Description
Virtual machines (VMs) might share virtual switches and VLANs with the IP-based storage configurations. IP-based storage includes vSAN, iSCSI, and NFS. This configuration might expose IP-based storage traffic to unauthorized VM users. IP-based storage frequently is not encrypted. It can be viewed by anyone with access to this network. To restrict unauthorized users from viewing the IP-based storage traffic, the IP-based storage network must be logically separated from any other traffic. Configuring the IP-based storage adaptors on separate VLANs or network segments from other VMkernels and VMs will limit unauthorized users from viewing the traffic.
- ID: SV-256413r886020_rule
- Severity: Medium
Remediation - Manual Procedure
Configuration of an IP-based VMkernel will be unique to each environment.
From the vSphere Client, go to Hosts and Clusters.
Select the ESXi Host >> Configure >> Networking >> VMkernel adapters.
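The separation requirement in the description can be checked mechanically once the VMkernel adapters and VM port groups of a host are written down with their VLAN IDs. The following is an added example, not part of the STIG content: the record fields (`host`, `kind`, `name`, `services`, `vlan`) and the sample inventory are constructed, and it assumes that the same VLAN ID on one host means the same network segment.

```python
from collections import defaultdict

STORAGE = {"vsan", "iscsi", "nfs"}  # IP-based storage types named in the rule

# Constructed sample inventory (hypothetical field names, not real host data).
INVENTORY = [
    {"host": "esx01", "kind": "vmk", "name": "vmk0", "services": {"management"}, "vlan": 10},
    {"host": "esx01", "kind": "vmk", "name": "vmk1", "services": {"iscsi"}, "vlan": 50},
    {"host": "esx01", "kind": "vm", "name": "App-PG", "services": set(), "vlan": 50},
    {"host": "esx01", "kind": "vmk", "name": "vmk2", "services": {"vsan"}, "vlan": 60},
    {"host": "esx01", "kind": "vmk", "name": "vmk3", "services": {"vmotion"}, "vlan": 60},
    {"host": "esx01", "kind": "vmk", "name": "vmk4", "services": {"nfs"}, "vlan": 70},
]

def is_storage(rec):
    """True for a VMkernel adapter carrying any IP-based storage service."""
    return rec["kind"] == "vmk" and bool(rec["services"] & STORAGE)

def is_dedicated(rec):
    """True for a storage VMkernel adapter that carries nothing else."""
    return is_storage(rec) and rec["services"] <= STORAGE

def find_shared_segments(inventory):
    """Return sorted (host, vlan, storage_adapter, offender) findings.

    An offender is a VM port group or non-storage VMkernel on the same
    host and VLAN, or the storage adapter itself when it also carries a
    non-storage service.
    """
    segments = defaultdict(list)
    for rec in inventory:
        segments[(rec["host"], rec["vlan"])].append(rec)
    findings = []
    for (host, vlan), members in segments.items():
        for vmk in filter(is_storage, members):
            if not is_dedicated(vmk):
                findings.append((host, vlan, vmk["name"], vmk["name"]))
            for other in members:
                if other is not vmk and not is_dedicated(other):
                    findings.append((host, vlan, vmk["name"], other["name"]))
    return sorted(findings)

if __name__ == "__main__":
    for host, vlan, vmk, offender in find_shared_segments(INVENTORY):
        print(f"{host}: storage adapter {vmk} shares VLAN {vlan} with {offender}")
```

Storage adapters that share a VLAN only with other dedicated storage adapters are not reported here; tighten `find_shared_segments` if your environment requires each storage type on its own segment.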