Details
Disable all system components that are not needed to support the application or service
running on the VM. VMs often don’t require as many functions as ordinary physical servers,
so when virtualizing, you should evaluate whether a particular function is truly needed.
*Rationale*
By disabling unnecessary system components, you reduce the number of potential attack
vectors, which reduces the likelihood of compromise.
NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.
Solution
To disable unneeded functions, perform whichever of the following steps are applicable:
1. Disable unused services in the operating system. For example, if the system runs a
file server, make sure to turn off any Web services.
2. Disconnect unused physical devices, such as CD/DVD drives, floppy drives, and USB
adaptors. This is described in the Removing Unnecessary Hardware Devices section
in the ESXI Configuration Guide.
3. Turn off any screen savers.
4. If using a Linux, BSD, or Solaris guest operating system,
do not run the X Window system unless it is necessary.
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: System and Information Integrity.This control applies to the following type of system VMware.