VMware Security Tip #8

Avoid denial of service caused by virtual disk modification operations

You should ensure that a normal user or process cannot make modifications to virtual disk operations. Particularly the process a virtual disk invokes to reclaim disk space. If this method is invoked repeatedly the disk could become unavailable and thus cause a denial of service on the guest. It is recommended that this feature be turned off.

Remediation Steps

1. Login to VirtualCenter or your ESX Host using the VI client
2. Power off the VM to be changed
3. Select the Virtual Machine that you wish to change
4. Select edit settings
5. Then select the options tab
6. Select Advanced, General and then select the “configuration parameters” button.
7. Add a row if necessary and then enter in the name field: “isolation.tools.diskWiper.disable”
8. In the value field enter the value “true”
9. Add another row and enter in the name field “isolation.tools.diskShrink.disable”
10. Add in the value field “true”

Share and Enjoy:
  • Digg
  • del.icio.us
  • Google Bookmarks
  • RSS
  • Technorati
  • Twitter
  • BlinkList
  • Facebook
  • Ping.fm
  • Reddit
Copy the code below to your web site.
x 
Posted in Virtualization Security Tips byspiv
You can follow any responses to this entry through the RSS 2.0 You can leave a response, or trackback.

Leave a Reply