Disable promiscuous mode on all network interfaces

Information

In promiscuous mode all packets received will be processed by the host or VM, which could expose confidential information.

Solution

Run the following command for each physical interface (pif), especially those that will host VM guests:


xe pif-param-set uuid=<pif-uuid> other-config:promiscuous='off'

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-7b., CSCv6|9.1

Plugin: Unix

Control ID: b36ce0eb540b4e5155a65bf973ab9876aadc1d144ba61646454cfc6b3f47bce3