Any enabled or connected device represents a potential attack channel. Users and processes with privileges on a virtual machine can connect or disconnect hardware devices, such as network adapters and CD-ROM drives. Attackers can use this capability to breach virtual machine security. Removing unnecessary hardware devices can help prevent attacks.
- Do not connect unauthorized devices to the virtual machine.
- Remove unneeded or unused hardware devices.
- Disable unnecessary virtual devices from within a virtual machine.
- Ensure that only required devices are connected to a virtual machine. Virtual machines rarely use serial or parallel ports. As a rule, CD/DVD drives are connected only temporarily during software installation.
- Browse to the virtual machine in the vSphere Client inventory.
- Right-click the virtual machine and click Edit Settings.
- Disable hardware devices that are not required.
Include checks for the following devices:
- Floppy drives
- Serial ports
- Parallel ports
- USB controllers
- CD-ROM drives