Solved

vpshere device management checks

Posted on 2012-04-13
8
314 Views
Last Modified: 2012-04-13
The vsphere compliance checker checks for some issues around “devices”, specifically:

•      Ensure unauthorised devices are not connected

•      Prevent unauthorised removal connection and modification of devices

1)      For starters, what is the definition of “unauthorised device”, and when they say “connected”, connected to what?

2)      Who could (what permissions would they need) connect an unauthorised device?

3)      What is the overall risk in connecting an unauthorised device?

4)      How does this setting prevent this, and who is it preventing?

5)      When they refer to “removal” or “modification”, can you explain what they mean, and their definition of device?

6)      What is the overall risk in removing or modifying a device? Who could do it? And how does this setting prevent such?
0
Comment
Question by:pma111
  • 5
  • 3
8 Comments
 
LVL 117

Accepted Solution

by:
Andrew Hancock (VMware vExpert / EE MVE) earned 500 total points
Comment Utility
floppy drive, cdrom drive or USB devices to the VM.

then you have the same issues, as a physical computer, letting users copy data to floppy drive, cdrom drive or USB devices, which could result in the stealing of data.
0
 
LVL 117

Expert Comment

by:Andrew Hancock (VMware vExpert / EE MVE)
Comment Utility
1. floppy drive, cdrom drive or USB devices to the VM.

2. VMware Administrators as defined by vCenter.

3. Stealing Data

4. Remove all devices from the VM

5. Remove or Add a floppy drive, cdrom drive or USB plug and play

6. VMware Administrators
0
 
LVL 3

Author Comment

by:pma111
Comment Utility
Is there any valid case whereby a VM would need a CD ROM, USB drive etc?
0
 
LVL 117

Expert Comment

by:Andrew Hancock (VMware vExpert / EE MVE)
Comment Utility
Yes, install software?
0
Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

 
LVL 3

Author Comment

by:pma111
Comment Utility
So in such cases youd have to lift the policy setting to allow them to do so, and then reapply it after?
0
 
LVL 117

Expert Comment

by:Andrew Hancock (VMware vExpert / EE MVE)
Comment Utility
if you need to add a cdrom.
0
 
LVL 3

Author Comment

by:pma111
Comment Utility
Is that the only way they could steal data from within vcenter, i.e. by adding a device like CD ROM?
0
 
LVL 117

Expert Comment

by:Andrew Hancock (VMware vExpert / EE MVE)
Comment Utility
vCenter allows the addition of devices.

you cannot steal data, other than copy and paste from the console, but you cannot copy and paste files.
0

Featured Post

Free Gift Card with Acronis Backup Purchase!

Backup any data in any location: local and remote systems, physical and virtual servers, private and public clouds, Macs and PCs, tablets and mobile devices, & more! For limited time only, buy any Acronis backup products and get a FREE Amazon/Best Buy gift card worth up to $200!

Join & Write a Comment

David Varnum recently wrote up his impressions of PRTG, based on a presentation by my colleague Christian at Tech Field Day at VMworld in Barcelona. Thanks David, for your detailed and honest evaluation!
In this step by step tutorial with screenshots, we will show you HOW TO: Enable SSH Remote Access on a VMware vSphere Hypervisor 6.5 (ESXi 6.5). This is important if you need to enable SSH remote access for additional troubleshooting of the ESXi hos…
Teach the user how to convert virtaul disk file formats and how to rename virtual machine files on datastores. Open vSphere Web Client: Review VM disk settings: Migrate VM to new datastore with a thick provisioned (lazy zeroed) disk format: Rename a…
Teach the user how to use vSphere Update Manager to update the VMware Tools and virtual machine hardware version Open vSphere Client: Review manual processes for updating VMware Tools and virtual hardware versions: Create a new baseline group in vSp…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now