VM : disconnect-devices-usb

Information

Besides disabling unnecessary virtual devices from within the virtual machine, you should ensure that no device is connected to a virtual machine if it is not required to be there. For example, serial and parallel ports are rarely used for virtual machines in a datacenter environment, and CD/DVD drives are usually connected only temporarily during software installation. For less commonly used devices that are not required, either the parameter should not be present or its value must be FALSE. NOTE: The parameters listed are not sufficient to ensure that a device is usable; other parameters are required to indicate specifically how each device is instantiated. Any enabled or connected device represents another potential attack channel.

Solution

Set usb:X.present to false in the virtual machine configuration file or remove the USB device from the virtual machine.

See Also

https://www.vmware.com/files/xls/hardeningguide-vsphere5-5-ga-released.xlsx

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-7

Plugin: VMware

Control ID: 9503ac9781d2f68767619c602f9742883d72b429572f00356df0985b62a85f30