Details
Ensure that no USB device is connected to a virtual machine unless required. For a USB
device to be disconnected, the usb.present parameter should either not be present or have a value of FALSE.
*Rationale*
Removing unnecessary hardware devices can reduce the number of potential attack channels and help prevent attacks.
NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.
Solution
To implement the recommended configuration state, run the following PowerCLI
command-
# Remove all USB Devices attached to VMs
Get-VM | Get-USBDevice | Remove-USBDevice
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: System and Information Integrity.This control applies to the following type of system VMware.