In earlier network systems, when machines and networks were entirely physical, a system administrator could visually inspect an environment to map connectivity and other network environment conditions. If an administrator wanted to disconnect a machine from a network, the machine was simply unplugged, and if connectivity needed to be mapped, a cable could be followed to its source or destination.
In a virtual environment there is no capability to physically disconnect a machine. Network switches and software-defined networks can be reconfigured to provide a virtual disconnection, however user error/misconfiguration can easily create an unintended configuration. Flaws in software and security vulnerabilities in the configuration can also potentially leave the machine(s) connected or reconnected to the network.
An individual, such as a system administrator, has little tangible guarantee to know how networks and systems are connected in a virtual environment. The option to “cut the cord” and have a physical guarantee of network disconnect is a feature lost in virtual environments. In one example, a full disconnection of a machine can lower the vulnerability for attackers, or be taken as an extreme measure in response to an attack. Disabling of network connectivity could prevent a machine, such as a mobile device or traveling laptop from automatically connecting to potentially compromised networks. Also, manual inspection of network cables to validate physical paths and to match an intended architecture is another option. However, in a virtual environment, the options to manage machines remotely and efficiently may require additional security and administrative measures.