Remove Unnecessary Hardware Devices From Your Virtual Machines
Here’s a foundation topic, whose rationale fits in the virtual world just as it did in the physical world.
Unnecessary or accessible hardware devices can be used against you by attackers to gain access or compromise information.
Unlike the physical world, where we can just lock hardware away in racks, the virtual world requires you to remove or disable the devices.
Alright, I understand removing unused hardware devices. I don’t even remember the last time I mounted a flp image to a floppy drive and the COM/LPT ports and NICs not being used, easy peasy, remove them.
But the device I see getting the most resistance from other engineers is the CD/DVD drives. I can see the need to enforce a policy of sorts as I find mounted ISO’s all the time, just left lonely and neglected after an install.
Read the entire article here, Remove Unnecessary Hardware Devices From Your Virtual Machines
via Scott Bollinger at bollingerusa.com – vmware, vsphere, virtual machines.