5.2 (L1) Host must block network traffic by default

Information

By default, the host is configured to block all incoming and outgoing network traffic, except for the traffic belonging to services enabled in the host security profile. This configuration is pivotal in reducing the attack surface and preventing unauthorized access to the host. Although no single configuration parameter governs this, the firewall is managed through the VMware Host Client, where each service's rule can allow or deny traffic on a per-IP basis so that only authorized networks can reach it.

Blocking network traffic by default significantly reduces the risk of unauthorized access and external attack. It applies the principle of least privilege at the network level: only explicitly allowed traffic can reach the host, which strengthens the overall security posture.
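As an added audit helper (not part of this audit item or the CIS benchmark), the POSIX shell script below checks the two things this control cares about: that the firewall is enabled with a DROP default action, and that no enabled service is reachable from any IP rather than from an authorized network. The sample command output embedded in it is constructed; the only assumption is the column layout of `esxcli network firewall get`, `esxcli network firewall ruleset list` and `esxcli network firewall ruleset allowedip list`.

```shell
#!/bin/sh
# Added audit helper (not from the benchmark). Assumes the column layout of
# `esxcli network firewall get`, `... ruleset list` and `... ruleset allowedip list`.

# Constructed sample of `esxcli network firewall get`.
FIREWALL_GET='   Default Action: DROP
   Enabled: true
   Loaded: true'

# Constructed sample of `esxcli network firewall ruleset list`.
RULESET_LIST='Name            Enabled
--------------  -------
sshServer       true
sshClient       false
nfsClient       true
vSphereClient   true'

# Constructed sample of `esxcli network firewall ruleset allowedip list`.
ALLOWEDIP_LIST='Ruleset         Allowed IP Addresses
--------------  --------------------
sshServer       All
sshClient       All
nfsClient       10.0.0.0/24
vSphereClient   10.0.0.0/24, 10.0.1.5'

# Return 0 when the firewall is enabled and its default action is DROP.
default_deny_ok() {
  printf '%s\n' "$1" | grep -q 'Default Action: DROP' &&
  printf '%s\n' "$1" | grep -q 'Enabled: true'
}

# Print enabled rulesets whose allowed-IP list is "All", i.e. services that are
# not restricted to authorized networks.  $1 = ruleset list, $2 = allowedip list.
open_rulesets() {
  _enabled=$(printf '%s\n' "$1" | awk 'NR > 2 && $2 == "true" { print $1 }')
  printf '%s\n' "$2" | awk -v enabled="$_enabled" '
    BEGIN { n = split(enabled, e, "\n"); for (i = 1; i <= n; i++) on[e[i]] = 1 }
    NR > 2 && $2 == "All" && ($1 in on) { print $1 }'
}

# On a live host, pass the real command output instead of the samples, e.g.
#   open_rulesets "$(esxcli network firewall ruleset list)" \
#                 "$(esxcli network firewall ruleset allowedip list)"
default_deny_ok "$FIREWALL_GET" || echo "WARN: firewall is not in default-deny state"
open_rulesets "$RULESET_LIST" "$ALLOWEDIP_LIST" | sed 's/^/WARN: enabled and open to all IPs: /'
```

With the constructed sample, only `sshServer` is flagged: `sshClient` allows all IPs but is disabled, and the other two services are restricted to specific networks.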

Solution

Impact:

There is no functional impact mentioned for this security control. However, overly restrictive configurations might impede necessary communications if not properly managed, potentially affecting service availability and operational efficiency. Therefore, careful consideration and testing are advised when adjusting firewall settings to ensure essential traffic is not inadvertently blocked.

See Also

https://workbench.cisecurity.org/benchmarks/15784

Item Details

Category: CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY

References: 800-53|CM-7, 800-53|CM-7(1), 800-53|CM-7(5), 800-53|CM-10, 800-53|SI-7, 800-53|SI-7(1), CSCv7|2.7, CSCv7|2.9

Plugin: VMware

Control ID: b85ed850f22195c5de4f250240160922176b1d2c2e6e8aa993f9bb115bae2206