Skip to content

The vCenter Server must only send NetFlow traffic to authorized collectors.

An XCCDF Rule

Description

<VulnDiscussion>The distributed virtual switch can export NetFlow information about traffic crossing the switch. NetFlow exports are not encrypted and can contain information about the virtual network, making it easier for a man-in-the-middle attack to be executed successfully. If NetFlow export is required, verify that all NetFlow target Internet Protocols (IPs) are correct.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID
SV-256351r885664_rule
Severity
Medium
References
Updated



Remediation - Manual Procedure

To remove collector IPs, do the following:

From the vSphere Client, go to "Networking".

Select a distributed switch >> Configure >> Settings >> NetFlow.