Secure VirtualBox Set Up

Discussion in 'sandboxing & virtualization' started by frank7, Jul 25, 2014.

Thread Status:
Not open for further replies.
  1. frank7

    frank7 Registered Member

    Joined:
    May 14, 2011
    Posts:
    130
    As long as I can think I have been using Windows for my computing tasks. However with the rise of surveillance, the NSA debacle and governments willingly failing to protect the demands for privacy from their people I am thinking of a set up that will allow people to continue to use Windows but with the reassurance in mind that no user data is being sent back outside for any sort of purpose.

    How could this be achieved? (Please read till the end to better understand my thinking.)

    Just recently I started using VirutalBox and am delighted. Very plain thinking I am suggesting something like a chain of guests in each other on a secure Linux host.

    In details, perhaps a secure Linux distro (which one?) hosting Windows as a guest where the guest has no access to the outside web but only to shared folders on the Linux host as well as the printer, CD drive and the USB connectors. Like this works with Office, Acrobat, Photoshop, Illustrator etc could be done on the Windows guest and data securely saved to the shared folder on the Linux host.

    Ideally the Linux distro would have an incorporated firewall like Pfsense (or any other?) to be able to at least get email and browse the web with the local physical network adapter connected to the outside BUT clearly keeping the Windows guest from a zero tolerance leak to the outside world.

    As I understand Pfsense is a distro in itself, is that right? Can Pfsense NOT be used as a "software" that can be installed onto a secure (secure in the sense that NO user data whatsoever is sent back to ANY server for user behaviour analysis or marketing purposes) distro?

    Can multiple guests be chained in a path to have multiple layers of protection?

    I am plain thinking: Secure Linux distro as host -> inside that Pfsense as guest or included in host (if possible) -> and inside that (as illustrative flamboyant user data sharing) Windows guest.

    So for the Windows guest in question one would have to pass Pfsense and the underlying Linux distro, likewise Windows would have to "find a way out" past these two what I think it highly unlikely with settings like "Enable Network Adapter" unticked or if ticked then "Attached to host-only adapter" and naturally "cable connected" unticked.

    Would be fun to see packets magically flying through space with the network adapter disabled and the cable disconnected.

    I am sure this could somehow be done and I am sure people do it already, just how, is it wise to choose this path, are there better approaches, it is logical to do this in a computing sense and how much more protection could one want if the only task really is to be able to work with Windows without having to worry that Windows or any of the apps installed in the Windows guest can send user data to any server outside.

    I would be happy about discussion about this, various ways of doing this, keeping in mind that I am not interested in having Windows connected to the outside web, since the few tasks I do with the outside web, email and browsing can securely be achieved with a solid Linux host and should not be too difficult to set up.

    Many thanks for your insights or thoughts on this.
     
  2. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,149
    Location:
    UK
    I've been working with these kind of setups a while now, using Vmware. VirtualBox would be similar. It's OK and rather manual. One thing to note is that you have a bunch of operating systems (different type!), all of which need care & attention to their security, otherwise you leave yourself open. There is no "secure" operating system, it depends how you set it up and use it. And obviously, the issues you raise at the start are not by any means tackled by improving client security on its own, though that's an important step.

    I have been following what Qubes are doing for a while, and since you are interested in the conceptual aspect of how to organise this. On her blog, Joanna Rutkowska describes how she partitions her workload, which is illustrative of the concepts, regardless of whether you use Qubes or not.
     
  3. frank7

    frank7 Registered Member

    Joined:
    May 14, 2011
    Posts:
    130
    Wow, just wow, I take a bow and thank you for the information provided.

    The more I dig the more excited I get about what is all possible and how far people are willing to go to be able to sit at a machine and do their work with peace of mind.

    Great that there is woman and men that do take a stand and try to better the world!

    I hope posting these here is ok:

    https://en.wikipedia.org/wiki/Joanna_Rutkowska

    https://en.wikipedia.org/wiki/Qubes_OS

    https://prism-break.org/en/all/#operating-systems


    SideNote: Now that I have seen

    https://lh5.googleusercontent.com/-R5IGf2M4xC0/U9KS2YVBG9I/AAAAAAAAB_A/pJlTqYxGyTo/s0/.png

    I can somewhat relate to thinking about going full virtualisation instead of Sandboxie with Windows as host and Office, Acrobat and such running on a Windows guest. The resemblance to the coloured borders like in Sandboxie is striking.

    No matter how hard I try, no matter how restrictive I set those Comodo firewall rules, I cannot be convinced that Windows is secure at least to the common outside attacks, not to speak about secretly sending user data outside on hidden channels past the firewall and all that.

    And all I want to do is write code, read email, browse the net for info about code and occasionally edit and make a few pdfs. Can't be that hard.

    Thank you @deBoetie !
     
  4. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,149
    Location:
    UK
    The bow is for Joanna and colleagues....

    'Fraid I can't be too confident about anything these days, for example, there are those who worry about what's going on in various bits of bios, intel chips and other hardware/firmware which no operating system can protect, let alone what happens outside the client. All you can do (technically) is raise the bar a bit, and hopefully limit the damage. And today, I do that with a combo of Sandboxie and VMs. I don't think outgoing firewall rules are either that effective or maintainable.

    My view is that it will take years to get to a better foundation for our computing, and I am not clear what business model will drive that development, given that people who frequent these pages are hardly mainstream, and governments and some corporations are actively hostile to secure clients, and well funded.
     
  5. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    Disable all virtual network adapters in the virtual machine that you want to have no Internet access.
     
    Last edited: Jul 26, 2014
  6. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    1,984
    Location:
    Canada
    Agree 100% with MrBrian's recommendations. I suppose if you really want to knock yourself out, you could in addition enable the Windows 2-way firewall and block all outbound connections for everything, but I'm not sure how you could allow shared access to the linux host's folder's cd drive, usb, etc..
     
  7. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,149
    Location:
    UK
    Yes, I tend to remove the virtual network adapter altogether, because I guess disabling it could be undone by malware in the OS.

    If I do need to connect again (e.g. for updates or new software), I add the adapter and use a block-all-with-ask firewall for outgoing connections, which allows me to only connect the intended services.
     
  8. frank7

    frank7 Registered Member

    Joined:
    May 14, 2011
    Posts:
    130
    Tell me, do you have any links to corps hindering secure client development, possibly even funding the opposite? Newspaper articles or even insider info, I am curious but can surly believe it with the things that go on in IT for a long time.

    Other thoughts on this.. I am thinking it would have been done a long time ago but again, just like with politics where a scared population is easy to control, so a scared end user will easily spend gazillions on security software and hardware just to be to do work without having to fear the "threat" that I guess smart IT politicians have created, since I believe that the threat from real hackers is miniscules to this "omg it's a virus" but in fact there is not even a virus, it is just an incentive to scare end users and make them buy security products, like I said, a scared or terrified population is easy to control and most of all make money from.

    Let's get together and make a corp for secure end user clients, would there be no interest from the mainstream in that? Imagine you can buy it all in a box, secure hardware and a securely virtualised OS or Windows since still most use that. I would buy one of those, hehe. Just dreaming away really..
     
    Last edited by a moderator: Aug 12, 2014
  9. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,149
    Location:
    UK
    The weakening of encryption products/services is documented in the Snowden info, including the NSA payments to RSA, and other undisclosed commercial parties.

    More generally, the well known corporates have a great incentive to offer functionality, and to make their ecosystem a fertile ground for themselves and their partners to exploit user information and violate privacy. This privacy violation automatically weakens security. Meanwhile, good security is hard, may negatively impact user experience, and there is no incentive because those companies are not legally liable for sloppy security - they should be so.

    I'm not clear that the FUD factor works anymore, because the discrete security products are manifestly not doing their job. Much more likely as people continue to lose trust in the internet, and have bad security breaches, then they'll stop using it for significant things. I'm pretty close to that point, I'm fed up of defending myself - including from my own government.

    Regarding your dream, I think it's going to take a great deal of work and time to do it properly, and I can't see at the moment where the money will come from. The only route I can see for that to happen is if courts start to take data protection and fiducial corporate duties properly, and insist on audits and vulnerability reports in their Annual Reports. And make corporates properly liable to their customers for breaches. Now that would set the cat amongst the pigeons!
     
Loading...
Thread Status:
Not open for further replies.