VM : disconnect-devices-floppy

Information

Disconnect unauthorized devices.

Ensure that no device is connected to a virtual machine if it is not required. For example, serial and parallel ports are rarely used for virtual machines in a datacenter environment, and CD/DVD drives are usually connected only temporarily during software installation. For less commonly used devices that are not required, either the parameter should not be present or its value must be FALSE. NOTE: The parameters listed are not sufficient to ensure that a device is usable; other required parameters specify how each device is instantiated. Any enabled or connected device represents a potential attack channel.

When the setting is FALSE, the functionality is disabled; however, the device may still show up within the guest operating system.

http://pubs.vmware.com/vsphere-65/topic/com.vmware.vsphere.security.doc/GUID-600D24C8-0F77-4D96-B273-A30F256B29D4.html

Solution

# Remove all floppy drives attached to VMs
Get-VM | Get-FloppyDrive | Remove-FloppyDrive
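
An audit-then-remediate variant of the command above, added here as an example and not taken from the VMware guide. It assumes an existing Connect-VIServer session; the report file name is a placeholder, and limiting removal to powered-off VMs is an assumption made so that no hardware change is attempted on a running guest.

```powershell
# Added example. Requires VMware PowerCLI and an active Connect-VIServer session.

# 1. Audit: one row per floppy drive, with the state an assessor needs to see.
$floppies = @(Get-VM | Get-FloppyDrive)

$props = @(
    @{ Name = 'VM';             Expression = { $_.Parent.Name } }
    @{ Name = 'PowerState';     Expression = { $_.Parent.PowerState } }
    'Name'
    @{ Name = 'Connected';      Expression = { $_.ConnectionState.Connected } }
    @{ Name = 'StartConnected'; Expression = { $_.ConnectionState.StartConnected } }
)
$report = @($floppies | Select-Object -Property $props | Sort-Object VM)
$report | Format-Table -AutoSize

# Keep a record of what existed before the change (placeholder file name).
if ($report.Count -gt 0) {
    $report | Export-Csv -Path .\floppy-audit.csv -NoTypeInformation
}

# 2. Remediate. Assumption: only powered-off VMs are touched.
$targets = @($floppies | Where-Object { $_.Parent.PowerState -eq 'PoweredOff' })

# Dry run first: -WhatIf lists the drives that would be removed, changes nothing.
$targets | Remove-FloppyDrive -WhatIf

# After reviewing the dry run, uncomment to remove without per-drive prompts.
# $targets | Remove-FloppyDrive -Confirm:$false

# 3. Follow-up list: VMs that still hold a floppy drive because they were running.
$floppies |
    Where-Object { $_.Parent.PowerState -ne 'PoweredOff' } |
    ForEach-Object { $_.Parent.Name } |
    Sort-Object -Unique
```

Re-running step 1 after remediation should return no rows for the VMs that were processed.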

See Also

https://www.vmware.com/content/dam/digitalmarketing/vmware/en/files/xls/vmware-6-5-update-1-security-configuration-guide.xlsx

Item Details

Category: MEDIA PROTECTION

References: 800-53|MP-7

Plugin: VMware

Control ID: 1fc239124b3ae871661a55fbe9d4dce94d21a5ea600c977c6ff8a4f2b6a9af2c