VI Console is used to administer virtual machines.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-15892	ESX0960	SV-16833r1_rule	ECSC-1	Low

Description
The VI Console allows a user to connect to the console of a virtual machine, similar to seeing what a physical server monitor would show. However, the VI Console also provides power management and removable device connectivity controls, which could potentially allow a malicious user to bring down a virtual machine. In addition, it also has a performance impact on the service console, especially if many VI Console sessions are open simultaneously. To prevent performance issues and potential unauthorized users from accessing the VI Console, users should use remote management services, such as terminal services and ssh, to interact with virtual machines.

Description

The VI Console allows a user to connect to the console of a virtual machine, similar to seeing what a physical server monitor would show. However, the VI Console also provides power management and removable device connectivity controls, which could potentially allow a malicious user to bring down a virtual machine. In addition, it also has a performance impact on the service console, especially if many VI Console sessions are open simultaneously. To prevent performance issues and potential unauthorized users from accessing the VI Console, users should use remote management services, such as terminal services and ssh, to interact with virtual machines.

STIG	Date
VMware ESX 3 Policy	2016-05-03

Details

Check Text ( C-16251r1_chk )
Ask the IAO/SA what tools are used to administer virtual machines remotely. If the response includes the VI console, this is a finding.

Fix Text (F-15852r1_fix)
Use third party tools to administer virtual machines.