VMware vCenter Server Version 5 Security Technical Implementation Guide

The VMware vCenter Server Version 5 Security Technical Implementation Guide (STIG) is published as a tool to improve the security of Department of Defense (DoD) information systems. Comments or proposed revisions to this document should be sent via e-mail to the following address: [email protected]

Details

Version / Release: V1R7

Published: 2016-02-10

Updated At: 2018-09-23 02:27:27

Findings

Vuln | Rule Version | CCI | Severity | Title | Description
SV-51402r2_rule | VCENTER-000003 | CCI-000366 | MEDIUM | The VMware Update Manager must not be configured to manage its own VM or the VM of its vCenter Server. | The VMware Update Manager (vUM) and vCenter Server (vCS) are VM installable on an ESXi hypervisor host. For all ESXi hypervisors and VMs, including those of the vCS and the vUM, software and system security patches must be installed and up-to-date. For th
SV-51403r2_rule | VCENTER-000005 | CCI-000366 | MEDIUM | Privilege re-assignment must be checked after the vCenter Server restarts. | During a restart of vCenter Server, if the user or user group that is assigned Administrator role on the root folder could not be verified as a valid user/group during the restart, the user/group's permission as Administrator will be removed. In its place
SV-51404r2_rule | VCENTER-000006 | CCI-000366 | LOW | The Web datastore browser must be disabled, unless required for normal day-to-day operations. | The Web datastore browser enables viewing of all the datastores associated with the vSphere deployment, including all folders and files, such as VM files. This functionality is controlled by the organization-specific, user permissions on vCenter Server. Sy
SV-51405r1_rule | VCENTER-000007 | CCI-000366 | LOW | The managed object browser must be disabled, at all times, when not required for the purpose of troubleshooting or maintenance of managed objects. | The managed object browser provides a way to explore the object model used by the vCenter to manage the vSphere environment; it enables configurations to be changed as well. This interface is used primarily for debugging, and might potentially be used to
SV-51406r1_rule | VCENTER-000008 | CCI-000366 | LOW | The vCenter Server must be installed using a service account instead of a built-in Windows account. | The Microsoft Windows built-in system account or a user account can be used to run vCenter Server. With a user account, the Windows authentication for SQL Server can be enabled; it also provides more security. The user account must be an administrator on
SV-51407r1_rule | VCENTER-000009 | CCI-000366 | LOW | The connectivity between Update Manager and public patch repositories must be restricted by use of a separate Update Manager Download Server. | The Update Manager Download Service (UMDS) is an optional module of the Update Manager. UMDS downloads upgrades for virtual appliances, patch metadata, patch binaries, and notifications that would not otherwise be available to the Update Manager server. F
SV-51408r1_rule | VCENTER-000012 | CCI-001499 | MEDIUM | The vCenter Server administrative users must have the correct roles assigned. | Administrative users must only be assigned privileges they require. Least Privilege requires that these privileges must only be assigned if needed, to reduce risk of confidentiality, availability or integrity loss.
SV-51409r1_rule | VCENTER-000013 | CCI-000366 | MEDIUM | Access to SSL certificates must be monitored. | The directory that contains the SSL certificates only needs to be accessed by the service account user on a regular basis. Occasionally, the vCenter Server system administrator might need to access it for support purposes. The SSL certificate can be used
SV-51411r1_rule | VCENTER-000015 | CCI-000366 | MEDIUM | Expired certificates must be removed from the vCenter Server. | If expired certificates are not removed from the vCenter Server, the user can be subject to a MiTM attack, which potentially might enable compromise through impersonation with the user's credentials to the vCenter Server system.
SV-51412r1_rule | VCENTER-000016 | CCI-000366 | MEDIUM | Log files must be cleaned up after failed installations of the vCenter Server. | If the vCenter installation fails, a log file (with a name of the form "hs_err_pidXXXX") is created that contains the database password in plain text. An attacker who breaks into the vCenter Server could potentially steal this password and access the vCen
SV-51413r1_rule | VCENTER-000017 | CCI-000366 | MEDIUM | Revoked certificates must be removed from the vCenter Server. | If revoked certificates are not removed from the vCenter Server, the user can be subject to a MiTM attack, which potentially might enable compromise through impersonation with the user's credentials to the vCenter Server system.
SV-51414r1_rule | VCENTER-000018 | CCI-000366 | MEDIUM | The vCenter Administrator role must be secured and assigned to specific users other than a Windows Administrator. | By default, vCenter Server grants full administrative rights to the local administrator's account, which can be accessed by domain administrators. Separation of duties dictates that full vCenter Administrative rights should be granted only to those admini
SV-51415r1_rule | VCENTER-000019 | CCI-000366 | MEDIUM | Access to SSL certificates must be restricted. | The SSL certificate can be used to impersonate vCenter and decrypt the vCenter database password. By default, only the service user account and the vCenter Server administrators can access the directory containing the SSL certificates. The directory that
SV-51416r1_rule | VCENTER-000020 | CCI-000366 | MEDIUM | The system must restrict unauthorized vSphere users from being able to execute commands within the guest virtual machine. | By default, vCenter Server "Administrator" role allows users to interact with files and programs inside a virtual machine's guest operating system. Least Privilege requires that this privilege should not be granted to any users who are not authorized, to
SV-51417r1_rule | VCENTER-000021 | CCI-000366 | LOW | The use of Linux-based clients must be restricted. | Although SSL-based encryption is used to protect communication between client components and vCenter Server or ESXi, the Linux versions of these components do not perform certificate validation. Even if the self-signed certificates are replaced on vCenter
SV-51418r1_rule | VCENTER-000022 | CCI-000366 | LOW | Network access to the vCenter Server system must be restricted. | Restrict access to only those essential components required to communicate with vCenter. Blocking access by unnecessary systems reduces the potential for general attacks on the operating system and minimizes risk.
SV-51419r1_rule | VCENTER-000023 | CCI-000366 | MEDIUM | A least-privileges assignment must be used for the vCenter Server database user. | Least-privileges mitigates attacks if the vCenter database account is compromised. vCenter requires very specific privileges on the database. Privileges normally required only for installation and upgrade must be removed for/during normal operation. These
SV-51420r2_rule | VCENTER-000024 | CCI-000366 | MEDIUM | A least-privileges assignment must be used for the Update Manager database user. | Least-privileges mitigates attacks if the Update Manager database account is compromised. The VMware Update Manager requires certain privileges for the database user in order to install, and the installer will automatically check for these. The privileges
SV-51421r1_rule | VCENTER-000027 | CCI-000366 | MEDIUM | The system must set a timeout for all thick-client logins without activity. | An inactivity timeout must be set for the vSphere Client (Thick Client). This client-side setting can be changed by users, so this must be set by default and re-audited. Automatic session termination minimizes risk and reduces the potential for unauthoriz
SV-51422r1_rule | VCENTER-000029 | CCI-000366 | MEDIUM | vSphere Client plugins must be verified. | The vCenter Server includes a vSphere Client extensibility framework, which provides the ability to extend the vSphere Client with menu selections or toolbar icons that provide access to vCenter Server add-on components or external, Web-based functionalit
SV-51424r2_rule | VCENTER-000031 | CCI-000366 | HIGH | The vCenter Administrator role must be secured by assignment to specific users authorized as vCenter Administrators. | By default, vCenter Server grants full administrative rights to the local administrator's account, which can be accessed by domain administrators. Separation of duties dictates that full vCenter Administrative rights should be granted only to those admini
SV-51426r1_rule | VCENTER-000033 | CCI-000366 | MEDIUM | The Update Manager Download Server must be isolated from direct connection to Internet public patch repositories by a proxy server. | In a typical deployment, the Update Manager Download Server connects to public patch repositories on the Internet to download patches. This connection must be restricted as much as possible to prevent access from the outside to the Update Manager Download
SV-51427r1_rule | VCENTER-000034 | CCI-000366 | MEDIUM | The Update Manager must not directly connect to public patch repositories on the Internet. | In a typical deployment, the Update Manager connects to public patch repositories on the Internet to download patches. Any channel to the Internet represents a threat. For security reasons and deployment restrictions, the Update Manager must be installed
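Two of the rules above, VCENTER-000006 (Web datastore browser) and VCENTER-000007 (managed object browser), are both settled by switches in the vCenter daemon configuration file vpxd.cfg, under the vpxd element: enableHttpDatastoreAccess and enableDebugBrowse. The following audit script is an added example, not code from DISA or VMware. It assumes vpxd.cfg has the usual config/vpxd layout (on vCenter Server 5 for Windows the file normally lives under the VMware VirtualCenter folder in ProgramData), that an absent element means the feature keeps its default of enabled, and so treats "missing" as an Open finding rather than a pass. The sample configuration, the function names and the rule-to-element map are constructed for the example. After changing the file the VMware VirtualCenter Server service has to be restarted for the setting to take effect.

```python
"""Audit and harden the two vpxd.cfg switches behind VCENTER-000006 and
VCENTER-000007 (added example; not DISA or VMware code).

A missing element is reported as a finding because the daemon falls back to
its default, which enables the feature.
"""
import xml.etree.ElementTree as ET

# Rule -> element name under <config><vpxd>. "false" is the compliant value.
CHECKS = {
    "VCENTER-000006": "enableHttpDatastoreAccess",  # Web datastore browser
    "VCENTER-000007": "enableDebugBrowse",          # managed object browser
}

# Constructed non-compliant sample: MOB explicitly enabled, datastore-browser
# switch absent (so it silently defaults to enabled).
SAMPLE_VPXD_CFG = """<config>
  <vpxd>
    <enableDebugBrowse>true</enableDebugBrowse>
    <log><level>info</level></log>
  </vpxd>
</config>
"""


def audit_vpxd(cfg_xml: str) -> dict:
    """Return {rule_id: (status, observed_value)} for each check.

    status is "Not a Finding" only when the element exists and its text is
    exactly "false" (case-insensitive, trimmed); anything else is "Open".
    observed_value is None when the element is missing.
    """
    root = ET.fromstring(cfg_xml)
    vpxd = root.find("vpxd")
    results = {}
    for rule, name in CHECKS.items():
        elem = vpxd.find(name) if vpxd is not None else None
        value = (elem.text or "").strip() if elem is not None else None
        compliant = value is not None and value.lower() == "false"
        results[rule] = ("Not a Finding" if compliant else "Open", value)
    return results


def harden_vpxd(cfg_xml: str) -> str:
    """Return cfg_xml with both switches set to false, creating them if absent.

    Other elements under <vpxd> (logging etc.) are left untouched.
    """
    root = ET.fromstring(cfg_xml)
    vpxd = root.find("vpxd")
    if vpxd is None:
        vpxd = ET.SubElement(root, "vpxd")
    for name in CHECKS.values():
        elem = vpxd.find(name)
        if elem is None:
            elem = ET.SubElement(vpxd, name)
        elem.text = "false"
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    before = audit_vpxd(SAMPLE_VPXD_CFG)
    after = audit_vpxd(harden_vpxd(SAMPLE_VPXD_CFG))
    for rule in CHECKS:
        print(f"{rule}: before={before[rule]} after={after[rule]}")
```

Run the audit against a copy of the live vpxd.cfg first; only write the hardened output back (and restart the vCenter service) during a maintenance window, since the MOB is sometimes needed for troubleshooting and VCENTER-000007 expects it re-disabled afterwards.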
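VCENTER-000016 is a clean-up rule: a failed vCenter Server installation can leave a JVM fatal-error log named hs_err_pidXXXX that records the database password in clear text. The script below is an added example (not DISA or VMware code) of the sweep an auditor would run against the directory the installer used. It assumes the file name follows the hs_err_pid<digits> convention with or without a .log extension, uses a constructed "password=" style pattern purely to flag which logs look like they leaked a credential (the STIG does not specify the file's format), and builds its own temporary sample tree so it runs offline. Deletion overwrites the file with zeros before unlinking, which is best-effort on journaling and SSD storage.

```python
"""Locate and remove hs_err_pid* crash logs left by a failed vCenter install
(VCENTER-000016). Added example, not DISA or VMware code.
"""
import os
import re
import tempfile
from pathlib import Path

# JVM fatal-error logs: hs_err_pid<digits>, optionally with a .log suffix.
HS_ERR_NAME = re.compile(r"^hs_err_pid\d+(\.log)?$", re.IGNORECASE)

# Assumed indicator that a line carries a credential; the real file layout
# varies, so this is a heuristic for the report, not a STIG-defined pattern.
SECRET_HINT = re.compile(r"(password|pwd)\s*[=:]", re.IGNORECASE)


def find_hs_err_logs(root: str) -> list:
    """Return sorted paths of every hs_err_pid* file under root."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if HS_ERR_NAME.match(name):
                hits.append(os.path.join(dirpath, name))
    return sorted(hits)


def contains_secret(path: str) -> bool:
    """True if any line matches the assumed credential pattern."""
    with open(path, "r", errors="replace") as fh:
        return any(SECRET_HINT.search(line) for line in fh)


def clean_hs_err_logs(root: str, remove: bool = True) -> list:
    """Return [(path, had_secret, removed)] for each log; delete when remove.

    Files are zero-filled and fsync'd before unlinking so the clear-text
    password is not simply left behind in freed blocks.
    """
    report = []
    for path in find_hs_err_logs(root):
        leaked = contains_secret(path)
        if remove:
            size = os.path.getsize(path)
            with open(path, "r+b") as fh:
                fh.write(b"\0" * size)
                fh.flush()
                os.fsync(fh.fileno())
            os.remove(path)
        report.append((path, leaked, remove))
    return report


def build_sample_tree() -> str:
    """Constructed sample: temp tree with two crash logs and one unrelated log.

    The credential line is made up for the example.
    """
    root = tempfile.mkdtemp(prefix="vcenter_install_")
    Path(root, "hs_err_pid1234.log").write_text(
        "# A fatal error has been detected by the Java Runtime Environment\n"
        "jdbc.password=NotARealPassword\n")
    Path(root, "logs").mkdir()
    Path(root, "logs", "hs_err_pid5678").write_text("# no credentials here\n")
    # Same pattern but not a crash log: must not be touched.
    Path(root, "logs", "vminst.log").write_text("password=abc\n")
    return root


if __name__ == "__main__":
    sample = build_sample_tree()
    for path, leaked, removed in clean_hs_err_logs(sample, remove=True):
        print(f"{path}: secret={'yes' if leaked else 'no'} removed={removed}")
```

Run it once with remove=False to get the inventory for the finding details, then with remove=True; the hs_err_pid files themselves are the evidence, so record the report before deleting them.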