Surviving the virtual machine buzz.

Discussion in 'other security issues & news' started by eyes-open, Jan 23, 2007.

Thread Status:
Not open for further replies.
  1. Bill Stout

    Bill Stout Registered Member

    Joined:
    Oct 14, 2004
    Posts:
    100
    Location:
    Mountain View, CA
    VMs also constitute a security threat: Trojaned VM images can be saved in a VM library, or left running by an ex-employee. Managing non-domain members is hard. Tracking down VM images is difficult.
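One defensive control for the library problem Bill describes, as an added example that is not part of the thread: baseline a VM image library with per-file hashes and re-audit it on a schedule, so a replaced disk, a leftover image that never went through baselining, or a vanished image shows up. The file extensions, directory layout and sample contents are constructed assumptions for the example.

```python
import hashlib
import tempfile
from pathlib import Path

# Assumed: file types that make up a VM image (disk plus config).
VM_EXTENSIONS = {".vmdk", ".vmx", ".vhd", ".qcow2"}


def sha256_file(path: Path) -> str:
    """Stream the file through SHA-256 so a multi-GB disk is not read into RAM."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(library: Path) -> dict:
    """Record a hash for every VM image component found under the library."""
    return {p.relative_to(library).as_posix(): sha256_file(p)
            for p in sorted(library.rglob("*"))
            if p.is_file() and p.suffix.lower() in VM_EXTENSIONS}


def audit_library(library: Path, baseline: dict) -> dict:
    """Compare the library against a trusted baseline manifest: changed images,
    images that appeared without going through baselining, and images gone."""
    current = build_manifest(library)
    return {
        "modified": sorted(k for k in current if k in baseline and current[k] != baseline[k]),
        "unexpected": sorted(k for k in current if k not in baseline),
        "missing": sorted(k for k in baseline if k not in current),
    }


def demo() -> dict:
    """Constructed scenario: baseline a library, then tamper with it and audit."""
    with tempfile.TemporaryDirectory() as tmp:
        lib = Path(tmp)
        (lib / "gold").mkdir()
        (lib / "gold" / "win2k.vmdk").write_bytes(b"clean disk image")
        (lib / "gold" / "win2k.vmx").write_text('displayName = "win2k"\n')
        (lib / "notes.txt").write_text("ignored: not an image component\n")
        baseline = build_manifest(lib)
        # A disk silently replaced, an image left behind, and a config removed.
        (lib / "gold" / "win2k.vmdk").write_bytes(b"trojaned disk image")
        (lib / "gold" / "leftover.vmdk").write_bytes(b"unknown origin")
        (lib / "gold" / "win2k.vmx").unlink()
        return audit_library(lib, baseline)
```

In practice the baseline manifest lives somewhere the library's users cannot write, and the audit runs from a host the VMs cannot reach.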
     
  2. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    Hi Bill, undesirable.
    I always act pretty much along these lines.
    user and process authentication
    all traffic encrypted - never username and passwords in text
    unique IDs
    restricted ftp file transfer protocol
    restricted root access over local and remote computers.
    use system's superuser file
    stay current with patches
    logs
    document security changes

    hierarchy - root-admin-guest-read
     
    Last edited: Jan 25, 2007
  3. eyes-open

    eyes-open Registered Member

    Joined:
    May 13, 2005
    Posts:
    721
    @ Meriadoc (though others should feel free to chip in ......)

    Do you ever use vm's in a Windows host - if so, how do you approach securing your guest machines and maintaining the integrity of the remainder of the local network ?

    Same with linux as host - particularly, any tips for home users who are not used to working with linux.

    Are there any points not covered in this thread already that you think the beginner should be aware of ?
     
  4. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    HI,
    Sure. Guest OSes, it's just like with a physical machine and the physical machine you...
    Harden, firewall, close unused ports, and disable unnecessary services, daemons, patch and segment the network, only machines that need to see each other can.

    At work VMWare VirtualCenter is used to help manage and authenticate users. Server depends on the security settings in the server configuration for in & out and security certificates are used.

    It can be complicated learning Linux especially for those who only have a background in Windows. Best tip use the community! Forums, sites, newsletters, all these resources offer free and excellent advice on learning and how to secure your system oh and treat learning Linux as fun.
     
    Last edited: Jan 26, 2007
  5. eyes-open

    eyes-open Registered Member

    Joined:
    May 13, 2005
    Posts:
    721
    My bad Meriadoc,

    I meant, does your experience lead you to believe that there are any significant differences in approach when using virtual machines in a Linux host, as opposed to using them in a Windows host ?

    So if you have an Ubuntu host, and you create a virtual Mepis machine within that host (any linux within linux combination) - do you feel it significantly less important, to take those steps that have been mentioned as strategically useful within a Windows box ?

    Similarly, does that change for you if you run a Windows VM within a Linux host ?

    We're a while away from it becoming a real issue I hope, but already cross platform viruses are becoming a slightly more tangible issue - so I wondered if you already worked with this in mind and had developed strategies accordingly. Something that new linux users who want to set up vm's might want to think about ? Particularly if they plan to host a Windows virtual machine.
     
  6. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    briefly for now...yes, to a point.
    Linux is versatile, and not a big target for malware although I acknowledge what you're saying.
    Windows is where security is needed.
     
  7. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    Hi, to me Linux is secure although security is always important.
    yes, but maybe, not needed. Where are you coming from with virtualization, work, homeuser, both?
    See at work VMWare is a tool for the sorts of things I've put down before and not for security first, though security is always a factor and personally from where I'm thinking goes hand in hand. There have been bugs and the jury is still out for some on cross-over between host and vms...but importantly vms are productive. VMWare is productive and security, look at ACE or Assured Computing Environment in the workplace as an example. ACE enables a security admin to lock down remotes by having a managed machine within the secured virtual machine and install it to an unmanaged machine.
    Pushing productive aside, and to answer if I think there are differences in approach between Linux and Windows using vms then I'll iterate, Windows is where security is needed. Mostly everything I use at work is based on Linux...so many times I read that this or that organisation is moving from Microsoft.
     
  8. eyes-open

    eyes-open Registered Member

    Joined:
    May 13, 2005
    Posts:
    721
    Personally I'm a home user Meriadoc - Windows host with different guests. Mostly where I'm coming from though is pretty much in the title of the thread.

    I just became aware of an increase in take up/momentum around working with vm's. There was a fair bit of discussion around the gains & fun stuff - making them sound great, which they are.:thumb: They also occasionally seemed almost bulletproof, which I don't believe is the case.

    What there didn't appear to be so much, was discussion about working safely & effectively with them. So even though we vary the focus a little from post to post in this thread ...... what I was principally aiming for is a thread that looked to see if there were any areas of concern for the new user - and if so, how those of us who are still fairly new, can fine tune a little to improve our security.
     
  9. Ice_Czar

    Ice_Czar Registered Member

    Joined:
    May 21, 2002
    Posts:
    696
    Location:
    Boulder Colorado
    much like any honeypot there is a danger to others if not yourself if the VM is subverted and controls w\ supervision aren't implemented
    http://www.honeynet.org/
    might be a good place to look for precautions \ best practices
     
  10. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    Yes virtualization has grown immensely, helped by the cycle of renewing systems and simply the advantages it gives you, and at home with the machines around now that can handle it and the VM software.
    If you're going to use Linux more then I'd recommend VMWare. It's optimized for Red Hat, SUSE, Mandrake, FreeBSD and more although it's just fine if you want to run Microsoft OS.
     
    Last edited: Jan 27, 2007
  11. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    To look for this you must get below the malware where it is not in control. Boot from a safe medium such as a CD-ROM and look for anomalies. The way to protect is to have a secure boot system, secure hardware.
     
  12. Ice_Czar

    Ice_Czar Registered Member

    Joined:
    May 21, 2002
    Posts:
    696
    Location:
    Boulder Colorado
    This is more or less my blueprint, it's going to become my "surf box" W2k on Ubuntu

    whereas I'm going to go back to isolating my workstation (K8W) which would be W2K on Suse, I've got the VMware workstation Beta to work with and the Tyan is first up. For now I keep everything else the same (W2K server as NAS, DAQ, some antiques) need to experiment with how lean I can make resource usage if I'm going to run this on the older boxes.
     
  13. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    When a system gets infected with malware like rootkits you may just have to start over, in fact many recommend it because they just wouldn't trust that installation. But building a desktop can be time consuming, the best way to do this I feel is if you have a virtual machine in place. All it takes is the time to shut down and relaunch the VM to recover from nearly all infections, literally seconds.

    Here's a quote from last year in an article about Malware prompting a shift to VMs
    Here's SpywareInfo talking about surfing the web with the Browser Appliance.

    Page One - Surf The Web In Complete Safety
    Page Two - Tweaking the Browser Appliance
    Page Three - Sharing Files Between the Appliance and Your Real PC
    Page Four - More Apps for the Browser Appliance
    A good VM to start with.
     
  14. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    One question: what stops me from imaging the drive? It's simple, no configuration needed. That and backing up files and folders on a scheduled basis.
    I see that VM would be somewhat better, but...

    Another one:) : What's the main difference, security wise, between something like SandboxIE, and VM's browser appliance?
     
  15. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    Nothing:) I just wanted to make a point that I feel VMs are best to do this in my environment, especially because of time...time=money.
    Sandboxie is an excellent program and bugs are fixed quickly although I'm not sure about any leaks at the moment in ways of getting around Sandboxie, but that's the same with any program just like VMWare. One difference straight off is it's small and runs light. The sandbox works like a transparency layer placed over paper. Programs write on the transparency layer and to them it looks like the real paper. When you delete the sandbox you're removing the transparency layer and the unchanged paper is revealed.
    The browser appliance is made up of Firefox and Ubuntu Linux and can revert back discarding changes after shutdown.
     
  16. eyes-open

    eyes-open Registered Member

    Joined:
    May 13, 2005
    Posts:
    721
    @ Ice_Czar - a couple of nice links. I'm familiar with the sites, but I haven't worked them yet.

    @ Meriadoc - thanks for the continued feedback. :thumb:
     
  17. Bill Stout

    Bill Stout Registered Member

    Joined:
    Oct 14, 2004
    Posts:
    100
    Location:
    Mountain View, CA
    You should write for sandboxie, sounds as if Ronen quoted you: ;) http://www.sandboxie.com/index.php?FrequentlyAskedQuestions#WrongBrowser
    "If you read What is Sandboxie then you know Sandboxie is like a transparency layer placed over the paper. (The paper is your computer.) When you save files (downloads, documents, emails, or anything else) through a sandboxed program, these files go into the transparency layer that is the sandbox. "

    If you're referencing no known leaks, you might also want to add the caveat from here:
    http://www.sandboxie.com/index.php?FrequentlyAskedQuestions#HowItWorks
    "It should be noted, however, that Sandboxie does not typically stop sandboxed programs from reading your sensitive data"

    "Will Sandboxie protect me from malicious key-loggers? Yes, to some extent"
     
    Last edited: Jan 29, 2007
  18. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    Well Bill I don't really understand you with this post, a little dig? Hope not considering our history (our pms ;) .) Mmm maybe I get you wrong. Anyway I've seen that analogy quoted around the web before - not just there, a good description eh! I've read it numerous times (I'll check my bookmarks) but as I was lazy and the resemblance was in my own words I see no problem.
    I'm no regular user of Sandboxie and not up to date with it, 'any leaks at the moment' is just a kind way of putting it as what I do know is tzuk is open to comments and fixes things if possible quickly. Note I did say 'I'm not sure about' and said nothing about 'no known leaks' nor did I reference anything!
     
  19. Bill Stout

    Bill Stout Registered Member

    Joined:
    Oct 14, 2004
    Posts:
    100
    Location:
    Mountain View, CA
    It was my attempt at humor. Sometimes it doesn't come across in text well though, sorry about that.
     
  21. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    Yes I know this, that is the trouble with forums...plus language barrier - as a Welsh speaker - it doesn't click sometimes, try a smilie, it won't hurt.:)
    Now how about something on subject.
     
  22. Ice_Czar

    Ice_Czar Registered Member

    Joined:
    May 21, 2002
    Posts:
    696
    Location:
    Boulder Colorado
    in forum parlance this is like one of those awkward moments when a conversation dies
    he said as neidiodd o'r badell ffrio i'r tan :p


    was reading through TNT's dangerous trojans thread from last summer
    https://www.wilderssecurity.com/showthread.php?t=136452 (Gromozon)
    and doing a little further research on the always changing strategies these guys employ (very clever stuff)
    HTML google cache \ PDF
    multiple exploits, custom response based on the detected browser, social engineering ploys, secondary payloads, encryption and obfuscation, rootkits and ADS, and won't run in a virtual environment a plus from some viewpoints, but keeps AV researchers from having a nice orderly zoo.

    a nice fringe benefit if it's a widely adopted strategy and you're not researching
     
  23. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    Keyloggers? well, they won't stop keyloggers that act within the sandbox. What he calls "Windows Message Key-Loggers".
    Anything else, supposedly, is dead the moment it gets in the sandbox. If not, that's a leak.

    Reading sensitive data? I don't think it's one of the features, could be in future. Sensitive data should be protected from being read. Not a function, not a leak. Maybe I'm wrong.
    I'm still new with SandboxIE, but, now that I searched, I found I have this option:

    Hey!:D

    Anyway, I was comparing SandboxIE and VMware browser appliance, to see technical differences. To ask. Not discussing SandboxIE. Sorry if I was misunderstood.
     
  24. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    'he said as neidiodd o'r badell ffrio i'r tan' he jumped from the frying pan into the fire:)

    Okay my recommendation for Windows user...
    Linux foundation, a trim version, virtualization software, Windows.
    On boot up virtualization software starts and loads Windows, set to full screen. It will just look like you're running Windows with everything you're used to.
    Benefits = Power and security of Linux.
     
  25. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    Since I don't like to "tackle" anyone, I want to stress that I wasn't doing that here either, specifically Bill@GreenBorder.
    But you have to understand, I'm running SandboxIE, AND IT HAS TO BE PERFECT!:p
     