The vCenter Server must remove unauthorized port mirroring sessions on distributed switches.

An XCCDF Rule

Description

The vSphere Distributed Virtual Switch can enable port mirroring sessions, allowing traffic to be mirrored from one source to a destination. If a port mirroring session is configured without authorization, this could allow an attacker to observe the network traffic of virtual machines.

ID
SV-258965r934553_rule
Version
VCSA-80-000300
Severity
Medium

Remediation Templates

A Manual Procedure

From the vSphere Client, go to "Networking".

Select a distributed switch >> Configure >> Settings >> Port Mirroring.

Select the unauthorized "Port Mirroring" session and click "Remove". Click "OK".
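The same audit and removal done from PowerCLI, as an added example that is not part of the STIG text: it lists every port mirroring (VSPAN) session on each distributed switch, flags those not on an approved list, and removes a flagged session through the ReconfigureDvs API with a "remove" operation. The approved-session names and the `-WhatIf` dry run are assumptions for illustration; PowerCLI must already be connected with Connect-VIServer.

```powershell
# Added example (not from the STIG page): audit port mirroring (VSPAN) sessions on every
# distributed switch and remove any whose name is not on an approved list.
# Assumes VMware PowerCLI is installed and Connect-VIServer has already been run.
# The approved-session names below are a constructed placeholder for your own list.
$ApprovedSessions = @('SOC-IDS-Tap')   # assumption: sessions your change record authorizes

function Get-UnauthorizedVspanSession {
    param([string[]]$Approved)
    foreach ($vds in Get-VDSwitch) {
        # VspanSession is the array of port mirroring sessions in the VDS config object
        foreach ($session in $vds.ExtensionData.Config.VspanSession) {
            if ($Approved -notcontains $session.Name) {
                [pscustomobject]@{
                    Switch      = $vds.Name
                    Session     = $session.Name
                    Key         = $session.Key
                    Type        = $session.SessionType
                    Enabled     = $session.Enabled
                    Destination = ($session.DestinationPort.PortKey -join ',')
                }
            }
        }
    }
}

function Remove-VspanSession {
    [CmdletBinding(SupportsShouldProcess)]
    param([string]$SwitchName, [string]$SessionKey)
    $vds = Get-VDSwitch -Name $SwitchName
    $session = $vds.ExtensionData.Config.VspanSession | Where-Object { $_.Key -eq $SessionKey }
    if (-not $session) { throw "Session $SessionKey not found on $SwitchName" }
    $spec = New-Object VMware.Vim.VMwareDVSConfigSpec
    # ConfigVersion must match the current config or vCenter rejects the reconfigure
    $spec.ConfigVersion = $vds.ExtensionData.Config.ConfigVersion
    $vspanSpec = New-Object VMware.Vim.VMwareDVSVspanConfigSpec
    $vspanSpec.Operation = 'remove'
    $vspanSpec.VspanSession = $session
    $spec.VspanConfigSpec = @($vspanSpec)
    if ($PSCmdlet.ShouldProcess("$SwitchName/$($session.Name)", 'Remove port mirroring session')) {
        $vds.ExtensionData.ReconfigureDvs($spec)
    }
}

# Report first; remove only after confirming each finding against the change record.
$findings = Get-UnauthorizedVspanSession -Approved $ApprovedSessions
$findings | Format-Table -AutoSize
foreach ($f in $findings) {
    Remove-VspanSession -SwitchName $f.Switch -SessionKey $f.Key -WhatIf
}
```

Drop `-WhatIf` once the findings have been reviewed; the session key, not the display name, is what the removal spec matches on.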