VMCH-65-000043 - Use of the virtual machine console must be minimized.

Information

The VM console enables a connection to the console of a virtual machine, in effect showing what a monitor on a physical server would show. The VM console also provides power management and removable device connectivity controls, which might allow a malicious user to bring down a virtual machine. It also has a performance impact on the service console, especially if many VM console sessions are open simultaneously.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

Develop a policy prohibiting the use of a VM console for performing management services. This policy should include procedures for the use of SSH and Terminal Management services for VM management. Where SSH and Terminal Management services prove insufficient to troubleshoot a VM, access to the VM console may be temporarily granted.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_VMW_vSphere_6-5_Y21M07_STIG.zip

Item Details

References: CAT|II, CCI|CCI-000366, Rule-ID|SV-104469r1_rule, STIG-ID|VMCH-65-000043, Vuln-ID|V-94639

Plugin: VMware

Control ID: 6668eb58d09214334b0af30bf8663309f997dc7abdff4a5f37afe982d8b258a6