Any enabled or connected device represents a potential attack channel. Users and processes without privileges on a virtual machine can connect or disconnect hardware devices, such as network adapters and CD-ROM drives. Attackers can use this capability to breach virtual machine security. Removing unnecessary hardware devices can help prevent attacks.

An attacker with access to a virtual machine can connect a disconnected hardware device and access sensitive information on the media left in the drive, or disconnect a network adapter to isolate the virtual machine from its network, resulting in a denial of service.

Ensure that unauthorized devices are not connected and remove any unneeded or unused hardware devices.

Disable unnecessary virtual devices from within a virtual machine.

Ensure that no device is connected to a virtual machine if it is not required. Serial and parallel ports are rarely used for virtual machines in a data center, and CD/DVD drives are usually connected only temporarily during software installation.

1. Log in to a vCenter Server system using the vSphere Web Client.

2. Right-click the virtual machine and click Edit Settings.

3. Check each hardware device and ensure that you want it connected.

Include checks for the following devices:

- Floppy drives
- Serial ports
- Parallel ports
- USB controllers
- CD-ROM drives
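The same check can be run across many virtual machines with PowerCLI. The script below is an added example, not part of the VMware documentation; it assumes PowerCLI is installed, that you have already run Connect-VIServer with a role permitted to reconfigure virtual machines, and it reports every device of the classes listed above, removing them only when -Remove is given.

```powershell
# Added example (not from the VMware documentation): audit virtual machines
# for the device classes named in the hardening guidance and, optionally,
# remove them. Assumes an existing Connect-VIServer session.
param(
    [string]$VMName = '*',
    [switch]$Remove          # report only unless -Remove is given
)

# vSphere API device classes: floppy, serial, parallel, USB controllers
# (EHCI+UHCI and xHCI) and CD/DVD drives.
$unwantedTypes = @(
    'VirtualFloppy',
    'VirtualSerialPort',
    'VirtualParallelPort',
    'VirtualUSBController',
    'VirtualUSBXHCIController',
    'VirtualCdrom'
)

foreach ($vm in Get-VM -Name $VMName) {
    $devices = $vm.ExtensionData.Config.Hardware.Device |
        Where-Object { $unwantedTypes -contains $_.GetType().Name }

    foreach ($dev in $devices) {
        # Connectable is $null for controllers, so Connected stays $null there.
        $connected = $dev.Connectable.Connected
        [pscustomobject]@{
            VM        = $vm.Name
            Device    = $dev.DeviceInfo.Label
            Type      = $dev.GetType().Name
            Connected = $connected
        }

        if ($Remove) {
            # A connected CD-ROM or floppy may be in use (e.g. an install in
            # progress); report it and leave it for a person to decide.
            if ($connected -eq $true) {
                Write-Warning "$($vm.Name): $($dev.DeviceInfo.Label) is connected; not removing"
                continue
            }
            # Build a reconfigure spec with a single 'remove' device change.
            # Some classes (e.g. USB controllers) can only be removed while
            # the VM is powered off; the task fails, not the VM.
            $change = New-Object VMware.Vim.VirtualDeviceConfigSpec
            $change.Operation = [VMware.Vim.VirtualDeviceConfigSpecOperation]::remove
            $change.Device = $dev
            $spec = New-Object VMware.Vim.VirtualMachineConfigSpec
            $spec.DeviceChange = @($change)
            $vm.ExtensionData.ReconfigVM_Task($spec) | Out-Null
        }
    }
}
```

Run it without -Remove first and review the report; the Connected column shows which CD-ROM and floppy devices are currently attached to media.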