"However, it also poses a security threat, providing a direct path of access and the ability to unknowingly [move] malware from one guest OS to another," Willson said.
Thus, if copy and paste isn't essential, it should be disabled as a rule.
Limiting unused virtual hardware. "Most IT professionals understand the need to manage unused hardware (drives, ports, network adapters), as these can be considered soft targets from a security standpoint," Willson said.
However, he adds, "with virtualisation technology we now have to take inventory of virtual hardware (CD drives, virtual NICS, virtual ports). Many of these are created by default upon creating new guest OSs under the disguise of being a convenience, but these can offer the same danger or point of entry as unused physical hardware can."
Again, just as it was with copy and paste, if the virtualised hardware isn't essential, it should be disabled.
Sign up for CIO Asia eNewsletters.