Risk R-001 - Unauthorized Administrative Access to Proxmox Host
| Field | Value |
|---|---|
| Risk ID | R-001 |
| Scenario | S-002 - Unauthorized administrative access to infrastructure |
| Asset | Proxmox Host |
| Likelihood | 🟧 Medium - Exposed admin interfaces and credential compromise are common attack vectors |
| Impact | 🟥 High - Full control of the hypervisor: any VM disk or memory can be read or modified, VMs can be destroyed or altered, and in a cluster the trusted inter-node SSH lets an attacker pivot to peer nodes |
| Risk rating | 🟥 High |
| Owner | Sec / Ops |
| Last Review | 2026-03-08 |
| Next Review | 2026-09-08 |
Associated Controls:
- Harden administrative access: in sshd set `PermitRootLogin no` (or `prohibit-password` if root must keep key access) and `PasswordAuthentication no`, and authenticate with keys only. This does not cover the web UI and API on TCP 8006, where root@pam still accepts its password: create a named administrator with the Administrator role and keep root@pam for break-glass use only, protected by TFA.
- Require MFA (Proxmox supports per-user TFA with TOTP, WebAuthn and recovery keys, and a realm can be configured to require it) and route every admin session through a bastion host.
- Restrict access via firewall rules and VPN: expose TCP 8006 and 22 only to the management network or VPN, using the Proxmox firewall at datacenter and node level, and never to the internet.
- Monitor authentication logs with a SIEM: ship the journal entries from pvedaemon, pveproxy and sshd, and alert on bursts of failures from one source, a success that follows failures, password logins where keys are mandated, and logins from outside the management network.
- Rotate credentials and audit privileged accounts regularly, including API tokens, which should be privilege-separated and scoped to the minimum role.
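The monitoring control needs concrete detection logic to be useful. The script below is an added example for this register entry, not Proxmox's own tooling: it parses journal lines in the shapes pvedaemon and sshd emit (approximated from memory; check them against your own `journalctl -u pvedaemon -u ssh` output), applies the four alert rules listed in the controls, and assumes a hypothetical management network of 10.10.0.0/24 and a threshold of five failures in five minutes. The sample lines are constructed, not captured from a real host.

```python
"""Flag suspicious admin logins in Proxmox host journal output.

Added example for risk R-001; not Proxmox code. Log formats are
approximations of pvedaemon/sshd output and the sample is constructed.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

FAIL_THRESHOLD = 5            # failures from one source within WINDOW
WINDOW = timedelta(minutes=5)
MGMT_NETS = [ip_network("10.10.0.0/24")]   # hypothetical bastion/VPN range

# Constructed sample journal lines (not real captures).
SAMPLE_LOG = """\
Mar 08 10:00:01 pve1 pvedaemon[1201]: authentication failure; rhost=203.0.113.7 user=root@pam msg=Authentication failure
Mar 08 10:00:03 pve1 pvedaemon[1201]: authentication failure; rhost=203.0.113.7 user=root@pam msg=Authentication failure
Mar 08 10:00:04 pve1 sshd[2301]: Failed password for root from 203.0.113.7 port 51022 ssh2
Mar 08 10:00:06 pve1 pvedaemon[1201]: authentication failure; rhost=203.0.113.7 user=root@pam msg=Authentication failure
Mar 08 10:00:09 pve1 sshd[2302]: Failed password for root from 203.0.113.7 port 51030 ssh2
Mar 08 10:00:12 pve1 pvedaemon[1201]: authentication failure; rhost=203.0.113.7 user=root@pam msg=Authentication failure
Mar 08 10:00:40 pve1 pvedaemon[1201]: <root@pam> successful auth for user 'root@pam'
Mar 08 10:05:00 pve1 sshd[2310]: Accepted publickey for admin from 10.10.0.5 port 40122 ssh2: ED25519 SHA256:abc
Mar 08 10:30:00 pve1 sshd[2320]: Accepted password for root from 198.51.100.4 port 40000 ssh2
Mar 08 11:00:00 pve1 pvedaemon[1201]: authentication failure; rhost=10.10.0.9 user=ops@pve msg=Authentication failure
"""

PATTERNS = [
    ("fail", re.compile(r"pvedaemon\[\d+\]: authentication failure; rhost=(?P<rhost>\S+) user=(?P<user>\S+)")),
    ("success", re.compile(r"pvedaemon\[\d+\]: <\S+> successful auth for user '(?P<user>[^']+)'")),
    ("fail", re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) from (?P<rhost>\S+)")),
    ("success", re.compile(r"sshd\[\d+\]: Accepted (?P<method>\w+) for (?P<user>\S+) from (?P<rhost>\S+)")),
]


def parse_line(line):
    """Return (ts, kind, user, rhost, method) or None for irrelevant lines."""
    for kind, pat in PATTERNS:
        m = pat.search(line)
        if not m:
            continue
        ts = datetime.strptime(line[:15], "%b %d %H:%M:%S")  # year-less journal format
        d = m.groupdict()
        rhost = d.get("rhost")
        if rhost and rhost.startswith("::ffff:"):  # IPv4-mapped form pvedaemon sometimes logs
            rhost = rhost[7:]
        return ts, kind, d["user"], rhost, d.get("method")
    return None


def in_mgmt(rhost):
    """True if rhost is inside the management network; unparsable hosts count as outside."""
    try:
        return any(ip_address(rhost) in net for net in MGMT_NETS)
    except ValueError:
        return False


def _prune(q, now):
    while q and now - q[0] > WINDOW:
        q.popleft()


def analyse(log_text):
    """Return a list of (rule, rhost, user) alerts in the order they fire."""
    alerts = []
    fails_by_host = defaultdict(deque)   # rhost -> recent failure timestamps
    fails_by_user = defaultdict(deque)   # user  -> recent failure timestamps (pvedaemon success lines carry no rhost)
    bursts_reported = set()
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue
        ts, kind, user, rhost, method = ev
        if kind == "fail":
            for key, table in ((rhost, fails_by_host), (user, fails_by_user)):
                if key is not None:
                    table[key].append(ts)
                    _prune(table[key], ts)
            if rhost and len(fails_by_host[rhost]) >= FAIL_THRESHOLD and rhost not in bursts_reported:
                bursts_reported.add(rhost)
                alerts.append(("burst", rhost, user))
            continue
        _prune(fails_by_user[user], ts)
        if fails_by_user[user]:
            alerts.append(("success_after_failures", rhost, user))
        if rhost and not in_mgmt(rhost):
            alerts.append(("success_outside_mgmt", rhost, user))
        if method == "password":              # keys are mandated by the hardening control
            alerts.append(("password_login", rhost, user))
    return alerts


if __name__ == "__main__":
    for alert in analyse(SAMPLE_LOG):
        print(alert)
```

The per-user table exists because the pvedaemon success line carries no source address, so a web UI success can only be correlated with preceding failures by account; for source-based correlation of UI logins, ship `/var/log/pveproxy/access.log` as well.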
References:
- ISO/IEC 27001:2022 Annex A - 5.1 Policies for information security.
- ISO/IEC 27001:2022 Annex A - 8.2 Privileged access rights.
- ISO/IEC 27001:2022 Annex A - 8.16 Monitoring activities.
- NIST CSF - ID.AM Asset Management.
- NIST CSF - PR.AC Identity Management, Authentication and Access Control (CSF 1.1 identifier; PR.AA in CSF 2.0).
- EBIOS RM - Identification of administrative access risks and compromise of virtualization assets.
Response actions:
- Containment - Immediately revoke compromised credentials and API tokens, remove unknown SSH keys, block the source at the firewall, and isolate the affected node; in a cluster, assume peer nodes were reachable through inter-node SSH and check them too.
- Eradication - Remove unauthorized users and tokens, reset every administrative credential, and reapply the hardening baseline; if root on the host was compromised, reinstall the hypervisor rather than cleaning it in place.
- Recovery - Restore VMs from backups held off-host (for example on Proxmox Backup Server) whose integrity has been verified; snapshots stored on the compromised host cannot be trusted, since the attacker could have altered them.
- Post-incident - Conduct root cause analysis, review the hardening checklist, confirm that the detection rules would have fired earlier, and update incident response playbooks.