VMware Cloud Community
ISYS2
Enthusiast

Secure VMTools

Is there a way to prevent users from running malicious scripts via VMTools?

We use VMtools for drivers (obviously) and the Time Sync functionality. What we have discovered though is that a non-admin Windows user can make use of the VMTools Script tab to make scripts run under the System account after a reboot of the VM.

Many thanks


Accepted Solutions
Texiwill
Leadership

Hello,

Moved to Security Forum.

This is unfortunate but true. Even if you were to disable VMtools by locking down who can actually run the guest daemon (which is a step you should take), anyone can access the VMware backdoor with a little coding. So your best bet is to use the VMware Hardening Guideline and set the appropriate isolation settings to disable the ability for anyone to use the VMware backdoor maliciously.

The DISA STIG has a larger list than VMware's Hardening Guideline and my book has one that is larger than that.


Best regards,

Edward L. Haletky, VMware Communities User Moderator, VMware vExpert 2009, Virtualization Practice Analyst
Now Available: 'VMware vSphere(TM) and Virtual Infrastructure Security: Securing the Virtual Environment'
Also available: 'VMWare ESX Server in the Enterprise'

--
Edward L. Haletky
vExpert XIV: 2009-2023,
VMTN Community Moderator
vSphere Upgrade Saga: https://www.astroarch.com/blogs
GitHub Repo: https://github.com/Texiwill
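
The isolation settings the accepted answer refers to are set per VM in its .vmx file. The following is an added example, not part of the original thread and not VMware's code: a small audit that parses .vmx text and reports isolation settings that are missing or set to the wrong value. The chosen subset of settings, the function names, and the sample file are assumptions of this example; take the full list from the hardening guide for your version.

```python
import re

# Subset of isolation settings from VMware's published hardening guidance.
# The selection is this example's assumption, not a complete baseline.
REQUIRED = {
    "isolation.tools.copy.disable": "true",
    "isolation.tools.paste.disable": "true",
    "isolation.tools.diskshrink.disable": "true",
    "isolation.tools.diskwiper.disable": "true",
    "isolation.tools.setguioptions.enable": "false",
    "isolation.device.connectable.disable": "true",
    "isolation.device.edit.disable": "true",
}

# A .vmx line has the form: key = "value"
_LINE = re.compile(r'^\s*([^#\s=]+)\s*=\s*"(.*)"\s*$')

def parse_vmx(text):
    """Return {lowercased key: value}. Keys are compared case-insensitively
    and the last occurrence of a key wins (both are choices of this example)."""
    settings = {}
    for line in text.splitlines():
        m = _LINE.match(line)
        if m:
            settings[m.group(1).lower()] = m.group(2).strip()
    return settings

def audit_vmx(text):
    """Return sorted (key, found, expected) tuples for each missing or wrong setting."""
    settings = parse_vmx(text)
    findings = []
    for key, expected in REQUIRED.items():
        found = settings.get(key)  # None means the setting is absent
        if found is None or found.lower() != expected:
            findings.append((key, found, expected))
    return sorted(findings)

# Constructed sample .vmx fragment (not taken from a real VM).
SAMPLE_VMX = '''
.encoding = "UTF-8"
displayName = "test-vm"
isolation.tools.copy.disable = "TRUE"
isolation.tools.paste.disable = "FALSE"
isolation.tools.diskShrink.disable = "TRUE"
isolation.device.connectable.disable = "true"
'''

if __name__ == "__main__":
    for key, found, expected in audit_vmx(SAMPLE_VMX):
        print(f"{key}: found {found!r}, expected {expected!r}")
```

A setting that is absent is reported as a finding as well, since the audit cannot tell whether the default matches the hardened value.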
