Details
Ensure that no CD/DVD device is connected to a virtual machine unless required. For a CD/DVD device to be disconnected, the ideX:Y.present parameter should either not be present or have a value of FALSE.
Rationale:
Removing unnecessary hardware devices can reduce the number of potential attack channels and help prevent attacks.
Solution
To disconnect all CD/DVD drives from VMs, run the following PowerCLI command:
# Remove all CD/DVD Drives attached to VMs
Get-VM | Get-CDDrive | Remove-CDDrive
The VM will need to be powered off for this change to take effect.
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management.This control applies to the following type of system VMware.