Skip to content

Nutanix AOS must separate hosted application functionality from application server management functionality.

An XCCDF Rule

Description

<VulnDiscussion>The application server consists of the management interface and hosted applications. By separating the management interface from hosted applications, the user must authenticate as a privileged user to the management interface before being presented with management functionality. This prevents nonprivileged users from having visibility to functions not available to the user. By limiting visibility, a compromised nonprivileged account does not offer information to the attacker to functionality and information needed to further the attack on the application server. Application server management functionality includes functions necessary to administer the application server and requires privileged access via one of the accounts assigned to a management role. The hosted application and hosted application functionality consists of the assets needed for the application to function, such as the business logic, databases, user authentication, etc. The separation of application server administration functionality from hosted application functionality is either physical or logical and is accomplished by using different computers, different central processing units, different instances of the operating system, network addresses, network ports, or combinations of these methods, as appropriate.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID
SV-254117r846439_rule
Severity
Medium
References
Updated



Remediation - Manual Procedure

1. Log in to Prism Element.
2. Click on the gear icon in the upper right corner.
3. Under the "Settings" menu click "Network Configuration", and then select the "Internal Interfaces" tab.
4. Click the "Management LAN" option.
5. Set the VLAN to the VLAN used for management functions.