Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 325
  • Last Modified:

vpshere device management checks

The vsphere compliance checker checks for some issues around “devices”, specifically:

•      Ensure unauthorised devices are not connected

•      Prevent unauthorised removal connection and modification of devices

1)      For starters, what is the definition of “unauthorised device”, and when they say “connected”, connected to what?

2)      Who could (what permissions would they need) connect an unauthorised device?

3)      What is the overall risk in connecting an unauthorised device?

4)      How does this setting prevent this, and who is it preventing?

5)      When they refer to “removal” or “modification”, can you explain what they mean, and their definition of device?

6)      What is the overall risk in removing or modifying a device? Who could do it? And how does this setting prevent such?
0
pma111
Asked:
pma111
  • 5
  • 3
1 Solution
 
Andrew Hancock (VMware vExpert / EE MVE^2)VMware and Virtualization ConsultantCommented:
floppy drive, cdrom drive or USB devices to the VM.

then you have the same issues, as a physical computer, letting users copy data to floppy drive, cdrom drive or USB devices, which could result in the stealing of data.
0
 
Andrew Hancock (VMware vExpert / EE MVE^2)VMware and Virtualization ConsultantCommented:
1. floppy drive, cdrom drive or USB devices to the VM.

2. VMware Administrators as defined by vCenter.

3. Stealing Data

4. Remove all devices from the VM

5. Remove or Add a floppy drive, cdrom drive or USB plug and play

6. VMware Administrators
0
 
pma111Author Commented:
Is there any valid case whereby a VM would need a CD ROM, USB drive etc?
0
Improve Your Query Performance Tuning

In this FREE six-day email course, you'll learn from Janis Griffin, Database Performance Evangelist. She'll teach 12 steps that you can use to optimize your queries as much as possible and see measurable results in your work. Get started today!

 
Andrew Hancock (VMware vExpert / EE MVE^2)VMware and Virtualization ConsultantCommented:
Yes, install software?
0
 
pma111Author Commented:
So in such cases youd have to lift the policy setting to allow them to do so, and then reapply it after?
0
 
Andrew Hancock (VMware vExpert / EE MVE^2)VMware and Virtualization ConsultantCommented:
if you need to add a cdrom.
0
 
pma111Author Commented:
Is that the only way they could steal data from within vcenter, i.e. by adding a device like CD ROM?
0
 
Andrew Hancock (VMware vExpert / EE MVE^2)VMware and Virtualization ConsultantCommented:
vCenter allows the addition of devices.

you cannot steal data, other than copy and paste from the console, but you cannot copy and paste files.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Improve Your Query Performance Tuning

In this FREE six-day email course, you'll learn from Janis Griffin, Database Performance Evangelist. She'll teach 12 steps that you can use to optimize your queries as much as possible and see measurable results in your work. Get started today!

  • 5
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now