Disable promiscuous mode on all network interfaces

Details

In promiscuous mode all packets received will be processed by the host or VM, which could expose confidential information.


Solution

Run the following command for each physical interface (pif), especially those that will host VM guests:


xe pif-param-set uuid= other-config:promiscuous='off'


This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management.This control applies to the following type of system Unix.


References


Source