VM : disconnect-devices-parallel

Information

Disconnect unauthorized devices.

Ensure that no device is connected to a virtual machine if it is not required. For example, serial and parallel ports are rarely used for virtual machines in a datacenter environment, and CD/DVD drives are usually connected only temporarily during software installation. For less commonly used devices that are not required, either the parameter should not be present or its value must be FALSE. NOTE: The parameters listed are not sufficient to ensure that a device is usable; other required parameters specify how each device is instantiated. Any enabled or connected device represents a potential attack channel.

When setting is set to FALSE, functionality is disabled, however the device may still show up withing the guest operation system.

http://pubs.vmware.com/vsphere-65/topic/com.vmware.vsphere.security.doc/GUID-600D24C8-0F77-4D96-B273-A30F256B29D4.html

Solution

# In this Example you will need to add the functions from this post: http://blogs.vmware.com/vipowershell/2012/05/working-with-vm-devices-in-powercli.html
# Remove all Parallel Ports attached to VMs
Get-VM | Get-ParallelPort | Remove-ParallelPort

See Also

https://www.vmware.com/content/dam/digitalmarketing/vmware/en/files/xls/vmware-6-5-update-1-security-configuration-guide.xlsx

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-7

Plugin: VMware

Control ID: 67f1753f1660bff25070f115767a54d41de4a375ff62b7a6449edfcc68a298d6