Details
In a virtual machine, users and processes without root or administrator privileges can
connect devices, such as network adapters and CD-ROM drives. This should be prevented.
*Rationale*
Disabling unauthorized connection of devices helps prevent unauthorized changes within
the guest operating system, which could be used to gain unauthorized access, cause denial
of service conditions, and otherwise negatively affect the security of the guest operating system.
Solution
To implement the recommended configuration state, run the following PowerCLI
command:
# Add the setting to all VMs
Get-VM | New-AdvancedSetting -Name 'isolation.device.connectable.disable' -Value $true
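To check which VMs already carry the setting before changing anything, the following added example (not part of the original benchmark text) reports each VM's state and optionally remediates it. It assumes PowerCLI is loaded and a Connect-VIServer session is already open; Get-VmDeviceConnectAudit is a hypothetical helper name.

```powershell
# Added example: audit (and optionally remediate) isolation.device.connectable.disable.
# Assumes VMware PowerCLI is loaded and Connect-VIServer has already been run.
# Get-VmDeviceConnectAudit is a hypothetical helper name, not a PowerCLI cmdlet.
function Get-VmDeviceConnectAudit {
    [CmdletBinding()]
    param(
        [switch]$Remediate   # when set, write the recommended value to non-compliant VMs
    )

    $name = 'isolation.device.connectable.disable'

    foreach ($vm in Get-VM) {
        # Returns nothing when the key is absent from the VM's configuration
        $setting = Get-AdvancedSetting -Entity $vm -Name $name

        if (-not $setting) {
            $state = 'Missing'
        } elseif ("$($setting.Value)" -ieq 'true') {
            $state = 'Compliant'
        } else {
            $state = 'NonCompliant'
        }

        if ($Remediate -and $state -ne 'Compliant') {
            # -Force overwrites an existing key that holds a different value
            New-AdvancedSetting -Entity $vm -Name $name -Value $true -Force -Confirm:$false |
                Out-Null
            $state = "Remediated (was $state)"
        }

        # One report row per VM; Value is the setting as found before any remediation
        [pscustomobject]@{
            VM         = $vm.Name
            PowerState = $vm.PowerState
            Value      = if ($setting) { $setting.Value } else { $null }
            State      = $state
        }
    }
}

# Report only; add -Remediate to apply the setting to Missing/NonCompliant VMs
Get-VmDeviceConnectAudit | Sort-Object State, VM | Format-Table -AutoSize
```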
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: System and Information Integrity. This control applies to the following type of system: VMware.