How secure is Bridged Networking in VirtualBox?

Discussion in 'other firewalls' started by dialxdrop, Sep 29, 2010.

Thread Status:
Not open for further replies.
  1. dialxdrop

    dialxdrop Registered Member

    Joined: Sep 21, 2010
    Posts: 35
    If another computer on your network is infected with a worm/other malware, even with a physical router this malware can infect your computer. The best protection against this is using software firewalls, setting "Untrust Network", and turning off 1) Client for Microsoft Network and 2) file and printer sharing. This would make your computer super safe against that type of threat. (http://www.grc.com/su-fixit.htm)

    Another vulnerability comes from software exploits such as P2P connections. The best protection against this is to update your clients, but in my opinion, more importantly, 1) run the software with Sandboxie/sandboxed and 2) run the software under LUA vs. full admin rights. So this way, even if my P2P client had an exploit, they could not do serious damage to my computer because the program is running LUA and sandboxed.

    Now when I am running VirtualBox with Bridged Networking, I really don't understand how this plays into the equation and if it would open more vulnerabilities:

    Q) If I were to run P2P with full admin rights on VirtualBox, would this make my host computer vulnerable? (I wouldn't be running P2P under Sandboxie and no firewall in the VM.) And would it open up any new vulnerabilities to network worms/malware?

    What I don't understand is if I am running VirtualBox under NAT and use P2P, I can see connections being made under VirtualBox on my firewall's active connection. And since VirtualBox is running with LUA, I feel confident and safe in this mode.

    However, when I am running VirtualBox under Bridged Networking and use P2P, I can't see any connections being made on my firewall's active connection, and I really don't know where all the connections are being made and if they are under LUA protection, so it worries me.

    Mrkvonic, if you happen to see my thread and if it's okay with you, you said that Bridged Networking "exposes machines to network with possible security implications." Are you talking about bridged networking putting my host at risk or just my guest VM?
    (http://www.dedoimedo.com/computers/virtualbox-network-sharing.html)

    If anyone knows, feel free to share your expertise, and that includes you, Mrkvonic. Thanks.
     
    Last edited: Sep 29, 2010
  2. dialxdrop

    dialxdrop Registered Member

    Joined: Sep 21, 2010
    Posts: 35
    Well, let me try to rephrase this...

    Using VirtualBox + bridged networking:

    You are using SuRun with a LUA account running a VirtualBox session without admin rights. If you were to run P2P inside the VirtualBox with full admin rights, would this be as secure as running P2P without admin rights?

    And would using a VM with Bridged networking open up any new network vulnerabilities to your host machine?


    I'd really appreciate it if anyone would know, thanks.
     
  3. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined: May 9, 2005
    Posts: 8,698
    Hello,

    Two things:

    Limited privileges of the host and VirtualBox protect your host.

    Whatever happens inside the virtual machine is a different story altogether. If you fear that an attack might propagate, you're better off with LUA in the virtual machine. Even if nothing attacks your host, a compromised machine is embarrassing.

    So host and VirtualBox protection serve to protect against the virtual machine communicating outside, not the other way around, and certainly not anything that happens inside the virtual machine, which is for all practical purposes a separate machine.

    Now, bridged networking, separate IP, separate host, but it's still a single adapter that does the routing, so in theory, you can have a software flaw that causes your packets to misbehave, although I can't think of a rational scenario where this might happen. The bigger problem is deliberate snooping between IPs on the same internal network, if one of the adapters is running in promiscuous mode, but this requires admin rights.

    Your world-facing IP might be more vulnerable, but if you set up your config properly and use correct firewall rules, you should be fine. And you should make sure the internal network traffic is trusted - so make sure your setup is clean.

    Now, overall, there's no need for anything to happen anyway.
    You can safely run full admin this way or that way, no worries. But it's better to go for a more sensible setup like limited privileges. With SuRun, you're good.

    Mrk
     
  4. dialxdrop

    dialxdrop Registered Member

    Joined: Sep 21, 2010
    Posts: 35

    Thanks Mrk,

    So essentially, running a VM in SuRun/LUA, regardless of using bridged, host-only, NAT, running P2P, etc., cannot open up any new vulnerabilities to your *Host PC? But can only compromise your VM?
     
  5. AvinashR

    AvinashR Registered Member

    Joined: Dec 26, 2009
    Posts: 2,060
    Location: New Delhi Metallo β-Lactamase 1
    Absolutely. But I would recommend you use your VM with bridged networking. Trust me, bridged networking is a safer option than NAT.
     
  6. Dogbiscuit

    Dogbiscuit Guest

    Why do you think that's true in this case?
     
  7. AvinashR

    AvinashR Registered Member

    Joined: Dec 26, 2009
    Posts: 2,060
    Location: New Delhi Metallo β-Lactamase 1
    By using your firewall you can always block the infected guest machine from your HOST machine to prevent any guest exploits. But that would not be possible in the case of NAT, because the IP of both HOST and VM would be the same.
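
Added example, not part of any post in this thread: the two host-side controls raised above (Mrkvonic's point about promiscuous mode on a bridged adapter, and AvinashR's point about blocking the guest's own IP in the host firewall), written for a Windows 8 or later host with a current VirtualBox. The VM name, adapter name and guest address are placeholders, and the VBoxManage path is the default install location.

```powershell
# Assumed values (not from the thread); replace with your own.
$VBoxManage  = "$env:ProgramFiles\Oracle\VirtualBox\VBoxManage.exe"  # default install path
$VmName      = 'p2p-guest'       # hypothetical VM name
$HostAdapter = '<Name field from: VBoxManage list bridgedifs>'       # placeholder
$GuestIp     = '192.168.1.50'    # constructed address of the bridged guest

# Show the host interfaces VirtualBox can bridge to; copy the "Name:" value
# of the physical adapter into $HostAdapter before running the rest.
& $VBoxManage list bridgedifs

# 1. Attach NIC 1 in bridged mode and deny promiscuous mode on it, so the
#    guest adapter is not handed frames addressed to other machines.
#    The VM must be powered off for modifyvm to apply.
& $VBoxManage modifyvm $VmName `
    --nic1 bridged --bridgeadapter1 $HostAdapter --nicpromisc1 deny

# 2. On the host, block everything arriving from the guest's address.
#    In bridged mode the guest has its own IP, so the rule can name it.
#    Run from an elevated prompt.
$RuleName = "Block bridged guest $GuestIp"
New-NetFirewallRule -DisplayName $RuleName `
    -Direction Inbound -Action Block -RemoteAddress $GuestIp -Profile Any

# 3. Verify: the NIC 1 line of showvminfo lists the attachment and the
#    promiscuous policy; the address filter shows what the rule matches.
& $VBoxManage showvminfo $VmName | Select-String '^NIC 1:'
Get-NetFirewallRule -DisplayName $RuleName |
    Get-NetFirewallAddressFilter |
    Select-Object RemoteAddress
```

The firewall rule only holds while the guest keeps that address (static IP or DHCP reservation), and it protects only the host: other machines on the LAN still see the bridged guest directly.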
     
  8. Dogbiscuit

    Dogbiscuit Guest

    You're saying that it's not possible for the guest OS firewall to block internet worms propagated from the host OS when using NAT?
     
  9. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined: Jan 2, 2008
    Posts: 1,988
    Location: iAnywhere
    I like the idea of virtualization in bridged mode because many attacks occur between you and where you're going. OSes are vulnerable and seem as though they will always be so.
    If you surf in the Guest, its activity alerts the attacker, either the act of surfing itself or visiting sites controlled by attackers, and entry is gained.
    Host is static, protected, and a different IP. Because it is not going out to the net as often, there is less opportunity for it to become compromised.
    Additionally, there should be different security solutions on the Host than on the Guest. If they succeed in circumventing the Guest, they need to recon again to gain ground in the Host.
    If they happen to compromise the Guest, then the snapshot ability in the VM tool clears the Guest's unwanted baggage.
     