Security Considerations to Configure VMware Tools
You must take certain data security considerations into account when configuring VMware Tools, because VMware Tools configuration settings can expose the virtual machine to security threats or risks.
There are many kinds of possible security threats when configuring VMware Tools components or features. For example, VMware Tools lets you connect virtual devices such as serial and parallel ports to virtual machines. A connected device might be a potential channel of attack. To harden a virtual machine and reduce security risks as much as possible, disable the VMware Tools features that might be vulnerable to security threats.
For complete information about securely deploying VMware vSphere in a production environment, including security recommendations for hosts, virtual machines, management components, and the networking infrastructure, see the vSphere Hardening Guide. VMware Tools settings relate only to the virtual machine aspect of a deployment. Virtual machines are encapsulated in a small number of files. Of these, the configuration file (the `.vmx` file) governs the performance of the virtual hardware and other settings. You can use several methods to see and modify the configuration settings:
- Use the vSphere Web Client to edit virtual machine settings. In the vSphere Web Client, editing these configuration parameters is an advanced option in the virtual machine Edit Settings dialog box.
- Use the vSphere Host Client to edit virtual machine settings. In the vSphere Host Client, editing these configuration parameters is an advanced option in the virtual machine Edit Settings dialog box.
- Use a vSphere API-based tool, such as PowerCLI, to view and modify `.vmx` parameters.
After you edit a setting, the change does not take effect until you restart the virtual machine.
You can eliminate several potential threats by setting the corresponding VMware Tools parameters appropriately in the virtual machine's `.vmx` file. The defaults for many of these parameters are already set to protect virtual machines from these threats.
Threats: Unprivileged User Account Access
- Copy and paste
- By default, the ability to copy and paste text, graphics, and files is disabled, as is the ability to drag and drop files. When this option is enabled, you can copy and paste rich text and, depending on the VMware product, graphics and files from your clipboard to the guest operating system in a virtual machine. That is, when the console window of a virtual machine gains focus, nonprivileged users and processes running in the virtual machine can access the clipboard on the computer where the console window is running. To avoid risks associated with this feature, retain the following `.vmx` settings, which disable copying and pasting:

  ```
  isolation.tools.copy.disable = "TRUE"
  isolation.tools.paste.disable = "TRUE"
  ```
Threats: Virtual Devices
- Connecting and modifying devices
- By default, the ability to connect and disconnect devices is disabled. When this feature is enabled, users and processes without root or administrator privileges can connect devices such as network adapters and CD-ROM drives, and they can modify device settings. That is, a user can connect a disconnected CD-ROM drive and access sensitive information on the media that is in the drive. A user can also disconnect a network adapter to isolate the virtual machine from its network, which is a denial of service. To avoid risks associated with this feature, retain the following `.vmx` settings, which disable the ability to connect and disconnect devices or to modify device settings:

  ```
  isolation.device.connectable.disable = "TRUE"
  isolation.device.edit.disable = "TRUE"
  ```
Threats: Virtual Machine Information Flow
- VMX file size
- By default, the configuration file is limited to a size of 1 MB, because an uncontrolled file size can lead to a denial of service if the datastore runs out of disk space. Informational messages are sometimes sent from the virtual machine to the `.vmx` file. These setinfo messages define virtual machine characteristics or identifiers by writing name-value pairs to the file. You might need to increase the size of the file if large amounts of custom information must be stored in it. The property name is `tools.setInfo.sizeLimit`, and you specify the value in kilobytes. Retain the following `.vmx` setting:

  ```
  tools.setInfo.sizeLimit = "1048576"
  ```
- Sending performance counters into PerfMon
- You can integrate virtual machine performance counters for CPU and memory into PerfMon for Linux and Microsoft Windows guest operating systems. This makes detailed information about the physical host available to the guest operating system. A malicious user could potentially use this information to perform further attacks on the host. By default this feature is disabled. Retain the following `.vmx` setting to prevent host information from being sent to the virtual machine:

  ```
  tools.guestlib.enableHostInfo = "FALSE"
  ```

  This setting blocks some but not all metrics. If you set this property to `FALSE`, the following metrics are blocked:

  - GUESTLIB_HOST_CPU_NUM_CORES
  - GUESTLIB_HOST_CPU_USED_MS
  - GUESTLIB_HOST_MEM_SWAPPED_MB
  - GUESTLIB_HOST_MEM_SHARED_MB
  - GUESTLIB_HOST_MEM_USED_MB
  - GUESTLIB_HOST_MEM_PHYS_MB
  - GUESTLIB_HOST_MEM_PHYS_FREE_MB
  - GUESTLIB_HOST_MEM_KERN_OVHD_MB
  - GUESTLIB_HOST_MEM_MAPPED_MB
  - GUESTLIB_HOST_MEM_UNMAPPED_MB
- Features not exposed in vSphere that could cause vulnerabilities
- Because VMware virtual machines run in many VMware products in addition to vSphere, some virtual machine parameters do not apply in a vSphere environment. Although these features do not appear in vSphere user interfaces, disabling them reduces the number of vectors through which a guest operating system could access a host. Use the following `.vmx` settings to disable these features:

  ```
  isolation.tools.unity.push.update.disable = "TRUE"
  isolation.tools.ghi.launchmenu.change = "TRUE"
  isolation.tools.ghi.autologon.disable = "TRUE"
  isolation.tools.hgfsServerSet.disable = "TRUE"
  isolation.tools.memSchedFakeSampleStats.disable = "TRUE"
  isolation.tools.getCreds.disable = "TRUE"
  ```
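The following is an added example, not VMware's own code or tooling, that ties together the settings from all four threat groups above (copy and paste, virtual devices, VMX file size and PerfMon host information, and the features not exposed in vSphere). It parses `.vmx` text, reports every baseline key that is missing or set to a non-hardened value, and produces a hardened copy of the file. It assumes the usual `.vmx` line syntax `key = "value"` with case-insensitive keys and values; the `SAMPLE_VMX` content is constructed for the demonstration and does not come from a real virtual machine.

```python
import re
from typing import Dict, List, Tuple

# Hardening baseline: exactly the .vmx settings listed on this page.
# Values are the literal strings VMware documents for each key.
EXPECTED_SETTINGS: Dict[str, str] = {
    # Threats: unprivileged user account access (copy and paste)
    "isolation.tools.copy.disable": "TRUE",
    "isolation.tools.paste.disable": "TRUE",
    # Threats: virtual devices (connect/disconnect and edit)
    "isolation.device.connectable.disable": "TRUE",
    "isolation.device.edit.disable": "TRUE",
    # Threats: virtual machine information flow
    "tools.setInfo.sizeLimit": "1048576",
    "tools.guestlib.enableHostInfo": "FALSE",
    # Features not exposed in vSphere user interfaces
    "isolation.tools.unity.push.update.disable": "TRUE",
    "isolation.tools.ghi.launchmenu.change": "TRUE",
    "isolation.tools.ghi.autologon.disable": "TRUE",
    "isolation.tools.hgfsServerSet.disable": "TRUE",
    "isolation.tools.memSchedFakeSampleStats.disable": "TRUE",
    "isolation.tools.getCreds.disable": "TRUE",
}

# A .vmx line is   key = "value"   (assumption: this is the only form we handle).
_VMX_LINE = re.compile(r'^\s*([A-Za-z0-9_.:-]+)\s*=\s*"(.*)"\s*$')

MISSING = "<missing>"

# Constructed sample: a partially hardened VM. Two keys carry weak values,
# one device key is absent, and the "not exposed in vSphere" group is absent.
SAMPLE_VMX = """\
.encoding = "UTF-8"
config.version = "8"
virtualHW.version = "14"
displayName = "web-01"
isolation.tools.copy.disable = "TRUE"
isolation.tools.paste.disable = "FALSE"
isolation.device.connectable.disable = "true"
tools.guestlib.enableHostInfo = "TRUE"
tools.setInfo.sizeLimit = "1048576"
"""


def parse_vmx(text: str) -> Dict[str, str]:
    """Parse .vmx text into a dict. Keys are lower-cased because the
    hypervisor treats them case-insensitively; values are kept verbatim."""
    settings: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = _VMX_LINE.match(line)
        if m:
            settings[m.group(1).lower()] = m.group(2)
    return settings


def audit_vmx(text: str, expected: Dict[str, str] = EXPECTED_SETTINGS) -> List[Tuple[str, str, str]]:
    """Return findings as (key, expected, actual) triples.
    A key that is absent is reported with actual == MISSING: the page says to
    retain these settings explicitly, and an absent key cannot be verified from
    the file alone. Value comparison is case-insensitive ("true" == "TRUE")."""
    actual = parse_vmx(text)
    findings: List[Tuple[str, str, str]] = []
    for key, want in expected.items():
        got = actual.get(key.lower(), MISSING)
        if got.lower() != want.lower():
            findings.append((key, want, got))
    return findings


def harden_vmx(text: str, expected: Dict[str, str] = EXPECTED_SETTINGS) -> str:
    """Return .vmx text with every baseline key set to its expected value.
    Existing lines for baseline keys are rewritten in place (canonical key
    spelling), absent keys are appended, and all other lines are untouched."""
    wanted = {k.lower(): (k, v) for k, v in expected.items()}
    seen = set()
    out: List[str] = []
    for raw in text.splitlines():
        m = _VMX_LINE.match(raw.strip())
        if m and m.group(1).lower() in wanted:
            key, val = wanted[m.group(1).lower()]
            out.append(f'{key} = "{val}"')
            seen.add(key.lower())
        else:
            out.append(raw)
    for lk, (key, val) in wanted.items():
        if lk not in seen:
            out.append(f'{key} = "{val}"')
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    for key, want, got in audit_vmx(SAMPLE_VMX):
        print(f"FINDING {key}: expected {want!r}, found {got!r}")
    print("--- hardened copy ---")
    print(harden_vmx(SAMPLE_VMX), end="")
```

Run against the constructed sample, the audit reports nine findings: `isolation.tools.paste.disable` and `tools.guestlib.enableHostInfo` carry the permissive value, `isolation.device.edit.disable` is absent, and the six "not exposed in vSphere" keys are absent; `isolation.device.connectable.disable = "true"` passes because the comparison is case-insensitive. The hardened copy audits clean. In a vSphere environment, apply the resulting values through the Edit Settings dialog or a PowerCLI/API tool as the page describes rather than editing the datastore file by hand, and remember that a change only takes effect after the virtual machine is restarted.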