8.2.6 Ensure unauthorized modification and disconnection of devices is disabled

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

In a virtual machine, users and processes without root or administrator privileges can disconnect devices, such as network adapters and CD-ROM drives, and modify device settings within the guest operating system. These actions should be prevented.

Rationale:

Disabling unauthorized modification and disconnection of devices helps prevents unauthorized changes within the guest operating system, which could be used to gain unauthorized access, cause denial of service conditions, and otherwise negatively affect the security of the guest operating system.

Solution

To prevent unauthorized device modifications and disconnections, run the following PowerCLI command:

# Add the setting to all VMs
Get-VM | New-AdvancedSetting -Name 'isolation.device.edit.disable' -value $true

See Also

https://workbench.cisecurity.org/files/3473