Avoid using nonpersistent disks

Details

Virtual machine disks are created as Dependent by default and are affected by snapshots. To ensure a virtual machine disk is not affected by snapshots, the disk mode can be set to Independent. Disks set to Independent mode can be Independent Persistent or Independent Nonpersistent. Disks in Independent Persistent mode have their data written permanently to the disk. Independent Nonpersistent disks lose any changes made to the disk when the system is rebooted and can mask any trace of an attack on the system.

*Rationale*

The security issue with nonpersistent disk mode is that successful attackers, with a simple shutdown or reboot, might undo or remove any traces that they were ever on the machine.

To safeguard against this risk, production virtual machines should be configured in one of the following ways:

1. Independent setting not enabled

2. Independent persistent

3. Independent nonpersistent with remote logging

Without a persistent record of activity on a VM, administrators might never know whether they have been attacked or hacked.

Solution

To implement the recommended configuration state, run the following PowerCLI command:

    # Alter the parameters for the following cmdlet to set the VM Disk Type
    Get-VM | Get-HardDisk | Set-HardDisk
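
The following PowerCLI script is an added example, not part of the original control text. It audits every disk for Independent Nonpersistent mode and previews a change to a persistent mode. It assumes PowerCLI is installed and `Connect-VIServer` has already been run; the `$ApprovedNonPersistent` allow-list, its VM names and `$TargetMode` are hypothetical.

```powershell
# Added example: find independent nonpersistent disks and preview remediation.
# Assumption: a vCenter/ESXi session already exists (Connect-VIServer).

# Hypothetical allow-list: VMs permitted to stay nonpersistent because they
# ship their logs to a remote collector (option 3 in the rationale).
$ApprovedNonPersistent = @('kiosk-01', 'lab-image-02')   # constructed names

# 'Persistent' is the default dependent mode; 'IndependentPersistent' keeps
# the disk out of snapshots. Both retain writes across reboots.
$TargetMode = 'IndependentPersistent'

# Audit: every disk whose changes are discarded at power-off.
$flagged = Get-VM | Get-HardDisk | Where-Object {
    $_.Persistence -eq 'IndependentNonPersistent' -and
    $ApprovedNonPersistent -notcontains $_.Parent.Name
}

if (-not $flagged) {
    Write-Output 'No unapproved independent nonpersistent disks found.'
}
else {
    # Report the findings so they can be recorded before anything changes.
    $flagged |
        Select-Object @{ N = 'VM';         E = { $_.Parent.Name } },
                      @{ N = 'PowerState'; E = { $_.Parent.PowerState } },
                      Name, Filename, Persistence |
        Format-Table -AutoSize

    foreach ($disk in $flagged) {
        # Assumption: the disk mode can only be changed while the VM is
        # powered off, so running VMs are listed for a maintenance window.
        if ($disk.Parent.PowerState -ne 'PoweredOff') {
            Write-Warning "$($disk.Parent.Name): power off before changing $($disk.Name)"
            continue
        }
        # -WhatIf only previews the change; remove it to apply.
        Set-HardDisk -HardDisk $disk -Persistence $TargetMode -WhatIf
    }
}
```

Keep the audit output with the change record: a disk found in nonpersistent mode has retained no on-disk evidence from before its last power cycle.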

Impact: Nonpersistent mode, which allows rollback to a known state when rebooting the VM, can no longer be used.

Default Value: The default mode is the correct mode.

Supportive Information

The following resource is also helpful.

This security hardening control applies to the following category of controls within NIST 800-53: Audit and Accountability. This control applies to the following type of system: VMware.


Updated on July 16, 2022