CIS VMware ESXi 6.5 V1.0.0 L1

Ensure unauthorized modification and disconnection of devices is disabled

Details

In a virtual machine, users and processes without root or administrator privileges can disconnect devices, such as network adapters and CD-ROM drives, and modify device settings within the guest operating system. These actions should be prevented.

*Rationale*

Disabling unauthorized modification and disconnection of devices helps prevent unauthorized changes within the guest operating system, which could be used to gain unauthorized access, cause denial of service conditions, and otherwise negatively affect the security of the guest operating system.

Solution

To implement the recommended configuration state, run the following PowerCLI command:

```powershell
# Add the setting to all VMs
Get-VM | New-AdvancedSetting -Name 'isolation.device.edit.disable' -Value $true
```
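
An added audit-and-remediate example (not part of the CIS benchmark text or the original page): the one-liner above adds the key without first checking state, so this version reports every VM, including those where the key is absent, and changes only the non-compliant ones. It assumes PowerCLI with an active `Connect-VIServer` session; the function names `Get-DeviceEditCompliance` and `Set-DeviceEditDisabled` are hypothetical.

```powershell
# Added example: audit, then remediate, isolation.device.edit.disable.
# Assumes VMware PowerCLI is loaded and Connect-VIServer has already been run.
$SettingName = 'isolation.device.edit.disable'

function Get-DeviceEditCompliance {
    # Hypothetical helper: emits one row per VM, including VMs where the key is absent.
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        $VM
    )
    process {
        $setting = Get-AdvancedSetting -Entity $VM -Name $SettingName
        $value = if ($setting) { "$($setting.Value)" } else { $null }
        [pscustomobject]@{
            VM        = $VM.Name
            Value     = if ($null -eq $value) { '<not set>' } else { $value }
            Compliant = ($value -eq 'true')   # string -eq is case-insensitive
        }
    }
}

function Set-DeviceEditDisabled {
    # Hypothetical helper: only touches VMs that fail the audit.
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        $VM
    )
    process {
        if ((Get-DeviceEditCompliance -VM $VM).Compliant) { return }
        if ($PSCmdlet.ShouldProcess($VM.Name, "Set $SettingName = true")) {
            # -Force overwrites an existing key that holds a non-compliant value.
            New-AdvancedSetting -Entity $VM -Name $SettingName -Value $true `
                -Force -Confirm:$false | Out-Null
        }
    }
}

# 1. Report the current state of every VM.
Get-VM | Get-DeviceEditCompliance | Sort-Object Compliant, VM | Format-Table -AutoSize

# 2. Preview the changes; remove -WhatIf to apply them.
Get-VM | Set-DeviceEditDisabled -WhatIf
```

Re-running step 1 after remediation gives the evidence for the control: every row should show `Compliant` as `True`.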

Supportive Information

The following resource is also helpful.

This security hardening control applies to the following category of controls within NIST 800-53: System and Information Integrity. This control applies to the following type of system: VMware.

Updated on July 16, 2022