
Unused hardware is enabled in virtual machines.


Overview

Finding ID: V-15921
Version: ESX1170
Rule ID: SV-16863r1_rule
IA Controls: (none listed)
Severity: Medium
Description
Virtual machines can connect or disconnect hardware devices, such as network adapters, CD-ROM drives, and USB drives. Attackers may use this capability, via non-privileged users or processes, to breach virtual machines in several ways. An attacker with access to a virtual machine may connect a CD-ROM drive and access sensitive information on media left in the drive. An attacker may also disconnect the network adapter to isolate the virtual machine from its network, resulting in a denial of service (DoS). Therefore, as a general security precaution, SAs will remove any unneeded or unused hardware devices. If permanently removing a device is not feasible, SAs can restrict a virtual machine process or user from connecting or disconnecting devices from within the guest operating system.
STIG: VMware ESX 3 Virtual Machine
Date: 2016-05-03

Details

Check Text ( C-16276r1_chk )
1. Log in to VirtualCenter with the VI Client and select the virtual machine from the inventory panel.
2. Click Edit Settings.
3. Click the Hardware tab.
4. Compare the virtual machine's requirements documentation against the Hardware tab to ensure that only the required devices are configured. Any device (serial port, network adapter, CD-ROM, etc.) listed in the Hardware tab but not in the virtual machine documentation is a finding. If no virtual machine requirements documentation exists, this is a finding.
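The comparison in step 4 can also be made against the virtual machine's .vmx configuration file, which records each device as a `<device>.present = "TRUE"` entry. The script below is an added example, not part of the STIG or of any VMware tool: it parses a constructed sample .vmx, lists every enabled device, diffs that list against a hypothetical requirements document expressed as a set of device identifiers, and flags a finding when undocumented devices exist or when no requirements list is supplied. It also reports the two `isolation.device.*.disable` keys that VMware's hardening guidance uses to stop the guest from connecting, disconnecting or editing devices (the compensating control the Description mentions); those key names come from VMware's guidance, not from this STIG page, so confirm them against the documentation for your ESX version.

```python
"""Check a VM's configured virtual hardware against its requirements documentation.

Added example for the ESX 3 VM STIG check; the .vmx content and the
requirements list below are constructed for illustration.
"""
import re

# Constructed sample .vmx content (not from a real virtual machine).
SAMPLE_VMX = """\
config.version = "8"
virtualHW.version = "4"
displayName = "app-server-01"
ethernet0.present = "TRUE"
ethernet0.networkName = "VM Network"
scsi0.present = "TRUE"
scsi0:0.present = "TRUE"
scsi0:0.fileName = "app-server-01.vmdk"
ide1:0.present = "TRUE"
ide1:0.deviceType = "cdrom-raw"
ide1:0.startConnected = "TRUE"
floppy0.present = "TRUE"
serial0.present = "TRUE"
usb.present = "TRUE"
isolation.device.connectable.disable = "TRUE"
"""

# Hypothetical requirements document for this VM: the devices it is approved to have.
REQUIRED_DEVICES = {"scsi0", "scsi0:0", "ethernet0"}

# Device families whose "<name>.present" entry marks configured hardware.
DEVICE_KEY = re.compile(
    r"^(scsi|ide|ethernet|serial|parallel|floppy|sound|usb)(\d*(?::\d+)?)\.present$"
)

# Keys from VMware hardening guidance (assumed here) that block guest-side
# connect/disconnect and device edits.
ISOLATION_KEYS = (
    "isolation.device.connectable.disable",
    "isolation.device.edit.disable",
)


def parse_vmx(text):
    """Parse 'key = "value"' lines into a dict with lower-cased keys."""
    config = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if not sep:
            continue
        config[key.strip().lower()] = value.strip().strip('"')
    return config


def configured_devices(config):
    """Return the set of device identifiers whose .present flag is TRUE."""
    devices = set()
    for key, value in config.items():
        match = DEVICE_KEY.match(key)
        if match and value.upper() == "TRUE":
            devices.add(match.group(1) + match.group(2))
    return devices


def undocumented_devices(config, required):
    """Devices configured in the VM but absent from the requirements list."""
    approved = {d.lower() for d in required}
    return sorted(configured_devices(config) - approved)


def isolation_settings(config):
    """Whether each guest-isolation key is set to TRUE (False if absent)."""
    return {k: config.get(k, "").upper() == "TRUE" for k in ISOLATION_KEYS}


def evaluate(vmx_text, required):
    """Apply the STIG logic: extra devices, or no requirements at all, is a finding."""
    config = parse_vmx(vmx_text)
    extra = undocumented_devices(config, required)
    return {
        "vm": config.get("displayname", "?"),
        "configured": sorted(configured_devices(config)),
        "undocumented": extra,
        "finding": bool(extra) or not required,
        "isolation": isolation_settings(config),
    }


if __name__ == "__main__":
    result = evaluate(SAMPLE_VMX, REQUIRED_DEVICES)
    print(f"VM {result['vm']}: configured devices {result['configured']}")
    print(f"undocumented devices: {result['undocumented']}")
    print(f"finding: {result['finding']}")
    for key, enabled in result["isolation"].items():
        print(f"{key} = {enabled}")
```

Run against a real .vmx by reading the file into `evaluate()` with the device list from the VM's own requirements document; anything the script reports as undocumented should either be removed from the VM or added to the documentation, and a VM with no requirements list is a finding regardless of its hardware.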
Fix Text (F-15874r1_fix)
Disable or remove all unused hardware in virtual machines.