STIGQter: STIG Summary: VMware vSphere 6.7 vCenter Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 09 Mar 2021: STIGQter: STIG Summary: VMware vSphere 6.7 vCenter Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 09 Mar 2021:SV-243084r719495_rule
V-243084
SRG-APP-000516
VCTR-67-000015
CAT II
10
From the vSphere Client, go to Networking >> select a distributed switch >> select a port group >> Configure >> Settings >> Policies >> Edit >> Security.
Set "Promiscuous Mode" to reject. Click "OK".
or
From a PowerCLI command prompt while connected to the vCenter server, run the following commands:
Get-VDSwitch | Get-VDSecurityPolicy | Set-VDSecurityPolicy -AllowPromiscuous $false
Get-VDPortgroup | ?{$_.IsUplink -eq $false} | Get-VDSecurityPolicy | Set-VDSecurityPolicy -AllowPromiscuous $false
From the vSphere Client, go to Networking >> select a distributed switch >> select a port group >> Configure >> Settings >> Policies.
Verify "Promiscuous Mode" is set to reject.
or
From a PowerCLI command prompt while connected to the vCenter server, run the following commands:
Get-VDSwitch | Get-VDSecurityPolicy
Get-VDPortgroup | ?{$_.IsUplink -eq $false} | Get-VDSecurityPolicy
If the "Promiscuous Mode" policy is set to accept, this is a finding.
V-243084
False
VCTR-67-000015
From the vSphere Client, go to Networking >> select a distributed switch >> select a port group >> Configure >> Settings >> Policies.
Verify "Promiscuous Mode" is set to reject.
or
From a PowerCLI command prompt while connected to the vCenter server, run the following commands:
Get-VDSwitch | Get-VDSecurityPolicy
Get-VDPortgroup | ?{$_.IsUplink -eq $false} | Get-VDSecurityPolicy
If the "Promiscuous Mode" policy is set to accept, this is a finding.
M
5399