The system must disable unnecessary or superfluous functions inside VMs.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
ESXI5-VM-000032	ESXI5-VM-000032	ESXI5-VM-000032_rule		Medium

Description
By disabling unnecessary system components that are not needed to support the application or service running on the system, the number of parts is reduced that can be attacked. VMs often do not require as many services or functions as ordinary physical servers; so when virtualizing, evaluate whether a particular service or function is truly needed. Any service running in a VM provides a potential avenue of attack.

Description

By disabling unnecessary system components that are not needed to support the application or service running on the system, the number of parts is reduced that can be attacked. VMs often do not require as many services or functions as ordinary physical servers; so when virtualizing, evaluate whether a particular service or function is truly needed. Any service running in a VM provides a potential avenue of attack.

STIG	Date
VMware ESXi v5 Security Technical Implementation Guide	2013-01-15

Details

Check Text ( C-ESXI5-VM-000032_chk )
This check is both site and mission specific. Steps must include disabling unused OS services, disconnection of unused physical devices, such as removable disk media drives and USB adaptors. Ask the SA if unused guest OS services and devices have been disabled and/or disconnected, respectively. If unused guest OS services and devices have not been disabled and disconnected, this is a finding.

Fix Text (F-ESXI5-VM-000032_fix)
Ensure all unused guest OS services and devices have been disabled and/or disconnected, respectively. The fix is site and mission specific.