Any enabled or connected device represents a potential attack channel. Users and processes without privileges on a virtual machine can connect or disconnect hardware devices, such as network adapters and CD-ROM drives. Attackers can use this capability to breach virtual machine security. Removing unnecessary hardware devices can help prevent attacks.

Use the following guidelines to increase virtual machine security.

  • Ensure that unauthorized devices are not connected and remove any unneeded or unused hardware devices.

  • Disable unnecessary virtual devices from within a virtual machine. An attacker with access to a virtual machine can connect a disconnected CD-ROM drive and access sensitive information on the media left in the drive, or disconnect a network adapter to isolate the virtual machine from its network, resulting in a denial of service.

  • Ensure that no device is connected to a virtual machine if it is not required. Serial and parallel ports are rarely used for virtual machines in a datacenter environment, and CD/DVD drives are usually connected only temporarily during software installation.

  • For less commonly used devices that are not required, ensure that the following parameters are either not present or set to false.

    Parameter            Value    Device
    floppyX.present      false    floppy drives
    serialX.present      false    serial ports
    parallelX.present    false    parallel ports
    usb.present          false    USB controller
    ideX:Y.present       false    CD-ROM
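
One way to audit a virtual machine's configuration file for the parameters in the table above. This is an added example, not VMware's own tooling: it assumes settings are stored one key = "value" pair per line, and the audit_vmx function, its required argument and the sample configuration are constructed for illustration.

```python
import re

# Parameter patterns from the table above; X and Y are numeric device indices.
DEVICE_PATTERNS = {
    r"floppy\d+\.present": "floppy drives",
    r"serial\d+\.present": "serial ports",
    r"parallel\d+\.present": "parallel ports",
    r"usb\.present": "USB controller",
    r"ide\d+:\d+\.present": "CD-ROM",
}

# Assumption: one 'key = "value"' setting per line; other lines are ignored.
LINE_RE = re.compile(r'^\s*([^#\s=]+)\s*=\s*"?([^"]*)"?\s*$')


def audit_vmx(text, required=()):
    """Return sorted (key, value, device) for listed devices not set to false.

    Keys in `required` are skipped ("unless the device is required"), for
    example a CD-ROM in use or an IDE disk that shares the ideX:Y key.
    """
    allowed = {k.lower() for k in required}
    findings = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2).strip()
        if key in allowed or value.lower() == "false":
            continue
        for pattern, device in DEVICE_PATTERNS.items():
            if re.fullmatch(pattern, key):
                findings.append((key, value, device))
    return sorted(findings)


# Constructed sample configuration, not taken from a real virtual machine.
SAMPLE_VMX = '''
displayName = "app-server-01"
floppy0.present = "TRUE"
serial0.present = "FALSE"
usb.present = "TRUE"
ide1:0.present = "TRUE"
ide1:0.deviceType = "cdrom-image"
ethernet0.present = "TRUE"
'''

if __name__ == "__main__":
    for key, value, device in audit_vmx(SAMPLE_VMX, required=["ide1:0.present"]):
        print(f"{key} = {value}: {device} enabled, remove or set to false")
```

A parameter that is absent produces no finding, which matches the guideline that the parameter is either not present or set to false.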