VM : disable-independent-nonpersistent

Information

Avoid using independent nonpersistent disks.

The security issue with nonpersistent disk mode is that successful attackers, with a simple shutdown or reboot, might undo or remove any traces that they were ever on the machine. To safeguard against this risk, production virtual machines should be set to use persistent disk mode; additionally, make sure that activity within the VM is logged remotely on a separate server, such as a syslog server or equivalent Windows-based event collector. Without a persistent record of activity on a VM, administrators might never know whether they have been attacked or hacked.

http://pubs.vmware.com/vsphere-65/topic/com.vmware.vsphere.security.doc/GUID-1E583D6D-77C7-402E-9907-80B7F478D3FC.html

Solution

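# Alter the parameters for the following cmdlet to set the VM Disk Type (here: persistent mode for every independent nonpersistent disk):
Get-VM | Get-HardDisk | Where-Object { $_.Persistence -eq 'IndependentNonPersistent' } | Set-HardDisk -Persistence Persistent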
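
An audit pass to run before changing anything, as an added example (not part of the original audit item or of VMware's guide). The function name Get-DiskModeFinding and the sample objects are hypothetical; against a live inventory it assumes an existing Connect-VIServer session.

```powershell
# Added example: hypothetical helper that flags independent nonpersistent disks.
function Get-DiskModeFinding {
    [CmdletBinding()]
    param(
        # A PowerCLI hard disk object, or any object with Name, Persistence and Parent.
        [Parameter(Mandatory, ValueFromPipeline)]
        $HardDisk
    )
    process {
        $mode  = [string]$HardDisk.Persistence
        $state = [string]$HardDisk.Parent.PowerState
        $bad   = $mode -eq 'IndependentNonPersistent'
        # Assumption: the disk mode can only be changed while the VM is powered off,
        # so powered-on VMs are reported as needing a maintenance window.
        $action = if (-not $bad) { 'None' }
                  elseif ($state -eq 'PoweredOff') { 'Set-HardDisk -Persistence Persistent' }
                  else { 'Schedule power-off, then set Persistent' }
        [pscustomobject]@{
            VM          = $HardDisk.Parent.Name
            Disk        = $HardDisk.Name
            Persistence = $mode
            PowerState  = $state
            Compliant   = -not $bad
            Action      = $action
        }
    }
}

# Constructed sample inventory so the function can be exercised offline.
$sample = @(
    [pscustomobject]@{ Name = 'Hard disk 1'; Persistence = 'Persistent'
        Parent = [pscustomobject]@{ Name = 'app01'; PowerState = 'PoweredOn' } }
    [pscustomobject]@{ Name = 'Hard disk 2'; Persistence = 'IndependentNonPersistent'
        Parent = [pscustomobject]@{ Name = 'app01'; PowerState = 'PoweredOn' } }
    [pscustomobject]@{ Name = 'Hard disk 1'; Persistence = 'IndependentNonPersistent'
        Parent = [pscustomobject]@{ Name = 'kiosk07'; PowerState = 'PoweredOff' } }
)

# Report only the non-compliant disks.
$sample | Get-DiskModeFinding | Where-Object { -not $_.Compliant } |
    Format-Table VM, Disk, Persistence, PowerState, Action -AutoSize

# Against a live vCenter or host:
#   Get-VM | Get-HardDisk | Get-DiskModeFinding | Where-Object { -not $_.Compliant }
# Preview the change without applying it:
#   Get-VM | Get-HardDisk | Where-Object { $_.Persistence -eq 'IndependentNonPersistent' } |
#       Set-HardDisk -Persistence Persistent -WhatIf
```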

See Also

https://www.vmware.com/content/dam/digitalmarketing/vmware/en/files/xls/vmware-6-5-update-1-security-configuration-guide.xlsx

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-7

Plugin: VMware

Control ID: 285398a2fb1131025c7b98134f04c88ba6afc1c481e0a19fc1deabc8ad02a0e4