unauthorised devices connected

1, the vmware compliance checker flags it as an issue if unauthorised hardware are attached to a host (i.e. USB, floppy, IDLE, SERIAL etc), but what is the risk? Why would there be USB drives, IDLE, SERIAL etc drives attached to hosts? Surely its only admins who could access whatevers on them anyway, so I dont really see how this is a security issue? Normal domain users wouldnt be able to access drives attached to hosts would they?

2, Also - what determines which guests on a host can access the drive youve plugged in to a host? Say I have a host with 10 guests, and plug in a USB thumb drive, can all guests access this drive, or if not how do you determine which.
LVL 3
pma111Asked:
Who is Participating?
 
Andrew Hancock (VMware vExpert / EE MVE^2)Connect With a Mentor VMware and Virtualization ConsultantCommented:
1. Does your company have a data theft policy?

An Administrator, which has been paid off to steal data, could easily add a small USB device, connect to the host, and steal data!

this is how easy it is todo!

HOW TO: Add and Connect a USB Device to a Virtual Machine, hosted on VMware vSphere Hypervisor ESX 4.1 ESXi 4.1, ESXi 5.0

It really depends, how your Security in your organization, I know of plenty of clients, that prohibits the connection of USB flash drives to Desktop computers!

Normally hosts are in a secure area, e.g. the datacentre, or machine room, users are not normally allow in. But an Administrator with a hidden agenda, could steal VMs or data easily.

Not all Risks in the Compliance Checker, are possibly going to be Risks for your organization, but some organizations, they are applicable.

You need to make an assessment, as to how Risky, they are to you.

2. Yes, if configured to, see above!
0
 
pma111Author Commented:
How can you get a report of what devices are currently attached to each host? Is the compliance checker also going to report on drives in the host itself, i.e. internal hard disc drives.

I assume accessing what info is on these drives is not typically do-able over the network by basic users, i.e. youd need admin level access to the guest to do so?
0
 
Andrew Hancock (VMware vExpert / EE MVE^2)VMware and Virtualization ConsultantCommented:
The Compliance checker, will confirm if devices can be connected to the VM.

Administrator access is required to access the virtual machine disks.

The vSphere Security Hardening Script can report if a VM is connected to a device.
0
All Courses

From novice to tech pro — start learning today.