Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

unauthorised devices connected

Posted on 2013-11-12
3
Medium Priority
?
252 Views
Last Modified: 2013-11-20
1, the vmware compliance checker flags it as an issue if unauthorised hardware are attached to a host (i.e. USB, floppy, IDLE, SERIAL etc), but what is the risk? Why would there be USB drives, IDLE, SERIAL etc drives attached to hosts? Surely its only admins who could access whatevers on them anyway, so I dont really see how this is a security issue? Normal domain users wouldnt be able to access drives attached to hosts would they?

2, Also - what determines which guests on a host can access the drive youve plugged in to a host? Say I have a host with 10 guests, and plug in a USB thumb drive, can all guests access this drive, or if not how do you determine which.
0
Comment
Question by:pma111
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 123

Accepted Solution

by:
Andrew Hancock (VMware vExpert / EE MVE^2) earned 2000 total points
ID: 39641435
1. Does your company have a data theft policy?

An Administrator, which has been paid off to steal data, could easily add a small USB device, connect to the host, and steal data!

this is how easy it is todo!

HOW TO: Add and Connect a USB Device to a Virtual Machine, hosted on VMware vSphere Hypervisor ESX 4.1 ESXi 4.1, ESXi 5.0

It really depends, how your Security in your organization, I know of plenty of clients, that prohibits the connection of USB flash drives to Desktop computers!

Normally hosts are in a secure area, e.g. the datacentre, or machine room, users are not normally allow in. But an Administrator with a hidden agenda, could steal VMs or data easily.

Not all Risks in the Compliance Checker, are possibly going to be Risks for your organization, but some organizations, they are applicable.

You need to make an assessment, as to how Risky, they are to you.

2. Yes, if configured to, see above!
0
 
LVL 3

Author Comment

by:pma111
ID: 39641443
How can you get a report of what devices are currently attached to each host? Is the compliance checker also going to report on drives in the host itself, i.e. internal hard disc drives.

I assume accessing what info is on these drives is not typically do-able over the network by basic users, i.e. youd need admin level access to the guest to do so?
0
 
LVL 123
ID: 39641469
The Compliance checker, will confirm if devices can be connected to the VM.

Administrator access is required to access the virtual machine disks.

The vSphere Security Hardening Script can report if a VM is connected to a device.
0

Featured Post

Back Up Your Microsoft Windows Server®

Back up all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If we need to check who deleted a Virtual Machine from our vCenter. Looking this task in logs can be painful and spend lot of time, so the best way to check this is in the vCenter DB. Just connect to vCenter DB(default DB should be VCDB and using…
A look into Log Analysis and Effective Critical Alerting.
Teach the user how to edit .vmx files to add advanced configuration options Open vSphere Web Client: Edit Settings for a VM: Choose VM Options -> Advanced: Add Configuration Parameters:
Teach the user how to install and configure the vCenter Orchestrator virtual appliance Open vSphere Web Client: Deploy vCenter Orchestrator virtual appliance OVA file: Verify vCenter Orchestrator virtual appliance boots successfully: Connect to the …

670 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question