Linux host and Linux VM, better to mix versions?

Discussion in 'all things UNIX' started by Palancar, Apr 22, 2014.

Thread Status:
Not open for further replies.
  1. Palancar (Registered Member; Joined: Oct 26, 2011; Posts: 1,599)

    I wasn't sure which forum to place this in. Since I am using Linux I put it here. With security as a consideration I am trying to think through whether or not I could gain something by using different versions of Linux. I constructed a Linux bare metal host that does just that. All internet use is accomplished through a string of Linux VMs bridged through the VPN connection of the host. The host is UFW'd to solely VPN1. Most of the VMs are running TOR in addition, but again I am trying to keep the host sort of static except for monthly OS updates as needed.

    With the above framework in mind, would there be a security PLUS to using different flavors of Linux? Perhaps a piece of malware that might execute in a VM running kernel XX, might not do anything if somehow it broke out and got to a host running a different kernel. This may sound like a silly question but to me it makes sense to consider this.

    Looking for thoughts on the subject. Candidly, it's just a little tougher to use multiple versions because a few of the commands differ. I have to stop and think when I am inside of a terminal.

    My VMs are smoking fast since Linux on a high end box really flies along. Still, I wanted to consider my question and hope you'll share ideas.
     
  2. mirimir (Registered Member; Joined: Oct 1, 2011; Posts: 6,030)

    Linux malware is rare enough that using the same Linux distro for both host and VMs isn't a major risk. Also, Linux distros are so similar that using different ones wouldn't help very much. Using Linux on the host and PC-BSD on a VM would help prevent Linux-specific malware from getting at your host. But so would running a Windows VM ;) But in that case, you'd want a copy with no money/paper trail to you. You could buy a used PC that came with full install disks (for cash, of course).
     
  3. Mrkvonic (Linux Systems Expert; Joined: May 9, 2005; Posts: 8,700)

    VMs are not designed to be used as security appliances.
    Mrk
     
  4. Palancar (Registered Member; Joined: Oct 26, 2011; Posts: 1,599)

    If that is true then I need help to understand:

    Isolating my internet activity in a VM seems to be more secure/private than conducting that same activity in the bare metal host, which is directly on the machine itself. The bare metal host would reflect the "machine numbers" and it could more easily reveal the exact machine being used - if I used the host for surfing. My VMs don't reveal that true hardware config, at least that is always something I read about and have looked at in Whonix and other VM appliances I use daily. A basically static VPN-locked Linux host should stay clean, while the activity and dirt of daily internet use go ONLY into/on the VMs. My clean host sees no TOR activity, and no TOR relay ever sees anything on my host. Then in literally seconds I blow away a dirty VM and start with a fresh clone to begin "new again". I see that as security.

    If I am misunderstanding anything in what I just posted I beg for clarity because that is how I run.
     
  5. mirimir (Registered Member; Joined: Oct 1, 2011; Posts: 6,030)

    @Palancar

    What Mrkvonic says is of course true. Even so, using VMs as security appliances is better than using nothing ;) But of course it's not as good as using different machines, on different LANs, not sharing drives of any sort, and so on.

    The comparison at < https://www.whonix.org/wiki/Comparison_with_Others > is very comprehensive.
     
  6. Palancar (Registered Member; Joined: Oct 26, 2011; Posts: 1,599)

    I certainly will not argue against the value of physical isolation, but with me being so portable that is not really an option. Whonix is my "in between" level of somewhat isolation.
     