Details
Configure VMware Tools to disable host information from being sent to guests unless
a particular VM requires this information for performance monitoring purposes.
*Rationale*
By enabling a VM to get detailed information about the physical host, an adversary could
potentially use this information to inform further attacks on the host.
Solution
To prevent host information from being sent to guests, run the following PowerCLI command:
# Add the setting to all VMs
Get-VM | New-AdvancedSetting -Name ‘tools.guestlib.enableHostInfo’ -value $false
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: System and Communications Protection.This control applies to the following type of system VMware.