VM : verify-network-filter

Information

Control access to VMs through the dvfilter network APIs.
An attacker might compromise a VM by making use the dvFilter API. Configure only those VMs to use the API that need this access.

This setting is considered an "Audit Only" guideline. If there is a value present, the admin should check it to ensure it is correct.
http://pubs.vmware.com/vsphere-60/topic/com.vmware.vsphere.security.doc/GUID-CD0783C9-1734-4B9A-B821-ED17A77B0206.html

Solution

From the vSphere web client, select each VM and click "Manage" -> "Settings" -> "VM Options". Click "Edit". Go to "VM Options" tab and expand "Advanced". Click on "Edit Configuration". Click on "Add Row" and then add the desired configuration parameter with the desired value.

See Also

https://www.vmware.com/content/dam/digitalmarketing/vmware/en/files/xls/vSphere_6_0_Hardening_Guide_GA_15_Jun_2015.xls

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-3

Plugin: VMware

Control ID: 890cc99988a549747c37b03e63d2c6339c689dbbea73485af59f1debd6da6733