VM : verify-network-filter

Information

A VM must be configured explicitly to accept access by the dvfilter network API. This should be done only for VMs for which you want this to be done. An attacker might compromise the VM by making use of this introspection channel.

Solution

If a VM is not supposed to be protected by a product using the dvfilter API, ensure ethernetn.filtern.name = dv-filterX is not present in its VMX file. If the VM is supposed to be protected, ensure that the name of the data path kernel is set correctly.

See Also

https://www.vmware.com/files/xls/hardeningguide-vsphere5-5-ga-released.xlsx

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-3

Plugin: VMware

Control ID: 21144602af6bfde31c46c7d3013b9c198296dd9b9febac5804e710f605c76da2