Details
Ensure that no CD/DVD device is connected to a virtual machine unless required. For a
CD/DVD device to be disconnected, the ideX:Y.present parameter should either not be
present or have a value of FALSE.
*Rationale*
Removing unnecessary hardware devices can reduce the number of potential attack
channels and help prevent attacks.
NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.
Solution
To implement the recommended configuration state, run the following PowerCLI
command-
# Remove all CD/DVD Drives attached to VMs
Get-VM | Get-CDDrive | Remove-CDDrive
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: System and Information Integrity.This control applies to the following type of system VMware.