VMCH-70-000021 - Use of the virtual machine (VM) console must be minimized.

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

The VM console enables a connection to the console of a virtual machine, in effect seeing what a monitor on a physical server would show. The VM console also provides power management and removable device connectivity controls, which could allow a malicious user to bring down a VM. In addition, it impacts performance on the service console, especially if many VM console sessions are open simultaneously.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

Develop a policy prohibiting the use of a VM console for performing management services.

This policy should include procedures for the use of SSH and Terminal Management services for VM management.

Where SSH and Terminal Management services prove insufficient to troubleshoot a VM, access to the VM console may be granted temporarily.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_VMW_vSphere_7-0_Y23M07_STIG.zip

Item Details

References: CAT|II, CCI|CCI-000366, Rule-ID|SV-256469r886450_rule, STIG-ID|VMCH-70-000021, Vuln-ID|V-256469

Plugin: VMware

Control ID: a57554736171e478eb20be0c6f69eb5b2bec3d83e238f0dbbb3725a1117b02de