Disconnect unnecessary input devices
Summary
A virtual essential must not have connected devices that are not necessary for its operation (e.g., Floppy, IDE, CD/DVD, USB, Serial).
Description
This control refers to the restriction of access and permissions to the minimum necessary functions for the operation of the system. In the context of virtual essentials, unnecessary connected devices increase the attack surface, providing potential ways for exploitation.
Actions as the use of malicious USB devices, BadUSBs, unauthorized data exfiltration, among others, can be executed against virtual essentials and eventually gaining access to the host system.
Supported In
This requirement is verified in following services
| Plan | Supported |
|---|---|
| Essential | 🔴 |
| Advanced | 🟢 |
References
- CIS-4_1. Establish and maintain a secure configuration process
- CIS-4_2. Establish and maintain a secure configuration process for network infrastructure
- CIS-4_8. Uninstall or disable unnecessary services on enterprise assets and software
- MITRE ATT&CK®-M1034. Limit hardware installation
- CMMC-MP_L2-3_8_7. Removable media
- HITRUST CSF-01_h. Clear desk and clear screen policy
- OSSTMM3-11_9_3. Data networks security - Limitations mapping
- C2M2-9_3_d. Implement IT and OT asset security for cybersecurity architecture
Vulnerabilities
Free trial
Search for vulnerabilities in your apps for free with Fluid Attacks' automated security testing! Start your 21-day free trial and discover the benefits of the Continuous Hacking Essential plan. If you prefer the Advanced plan, which includes the expertise of Fluid Attacks' hacking team, fill out this contact form.