Virtual Machine Privacy

Discussion in 'privacy technology' started by SDRS, Aug 10, 2013.

Thread Status:
Not open for further replies.
  1. SDRS

    SDRS, Registered Member (Joined: Aug 10, 2013; Posts: 2; Location: United States)

    Hello Wilders,

    I have recently discovered the fascinating realm of virtualization! I have been doing a lot of research on it, and I am interested in learning how to properly set up a virtual machine to ensure privacy.

    I have not been able to find any information on what I am currently researching. I hope Wilders can help. :)

    I am using VirtualBox to run a few Linux guests with my school's VPN to help with my learning. (It's free and easy to use. So it's a good setup to experiment with.) The following questions all apply to guests that are using the internet. I would like to know if there is any way in which somebody could determine that the guest is a virtual machine rather than an actual physical computer. And if so, is there any way for somebody to determine any information about the host? And if so, can enough information be collected so as to identify that the various virtual machines are all running from the same host?

    I know that using a program written in Java allows the owner of the program to potentially gather a lot of information about the computer using the program. I am particularly interested in how the questions I have apply in the context of using a Java program online.

    What piqued my interest in this is that I know that many people have to use virtual machines and VPNs to protect themselves in countries with strong censorship. I've heard that people will use a different machine (each with a different IP) for each of their different needs. (e.g. casual surfing, political writing, etc.) If other people on the internet are able to link the various virtual machines all to the same host, then that could be a big problem! (Especially if they end up determining the identity of the host.)

    I'm still very new to virtualization, so if I haven't clarified properly or I am using terms improperly, please let me know!

    Thanks,
    SDRS

    On a side note, are there any other flaws to VPNs besides DNS leaks when it comes to identifying the individual using them? (Disregard logging that might be done by the company providing the VPN).
     
  2. shuverisan

    shuverisan, Registered Member (Joined: Dec 23, 2011; Posts: 185)

    The biggest tell used to be Flash and Java revealing your GPU driver as Oracle or VMware. Now on the JonDonym test and Browserspy.dk the GPU manufacturer doesn't show up anymore, so maybe it's been blocked/fixed.

    If you run your VMs in a bridged networking mode, they show up on the network as their own hosts. They will use DHCP and DNS through the router, so the VMs' MAC addresses will be in the access point logs. When bridged, the VM talks directly to your network cards. You can disable all networking in the host to prevent it from leaking and the virtual machines will still have full network/internet connectivity. In NAT mode, everything is channeled through the host OS, so the only connection records will be from the host's MAC. The access point admins can then see that your VM is only online when your host is and they'll share the same internal IP, so that would be a tip-off.

    More intense fingerprinting could figure out the VM's hardware profiles and nmap could probably figure out they're on one machine regardless of bridged/NAT modes. Either your outside IP address would be needed, or you'd have to connect to a hostile network or website from the VM.

    Also make sure your clipboard is disabled in VirtualBox so the VM can't read stuff you've recently copied or cut in the host OS. Drag and drop further blurs the lines between guest and host, and I'm not totally sure what allowing Guest Additions will open you up to; others on here probably do.
     
    Last edited: Aug 10, 2013
  3. SDRS

    SDRS, Registered Member (Joined: Aug 10, 2013; Posts: 2; Location: United States)

    Thank you for the excellent information penguin. I really appreciate it!

    I am now quite interested in the guest additions. I had not given them much thought until you brought them up. Truth be told, I am not even aware of everything guest additions does! I had installed it to enable full screen out of convenience.

    I hope you're right that others have more information. This is all very interesting, and I've already gathered more information from your post than from hours of my own research. (It's tricky finding what you need to know when you don't know the proper terms to search with. Also, being a newbie doesn't help.)

    Do you have any advice on a good guide for setting up a secure bridged network? I've been trying to install a VPN on my virtual machines today with no luck. I eventually realized I need to use a bridged network instead of NAT, but I have been unable to get an internet connection with a bridged network. After asking on the VirtualBox forums, I was told I need to have a DHCP server running or assign a static IP to each VM. I don't know how to do either of these. Time for more research!
     
  4. shuverisan

    shuverisan, Registered Member (Joined: Dec 23, 2011; Posts: 185)

    Needing a DHCP server running just means you need to go into your router's settings and enable DHCP for the local network. Usually this is on by default; consumer routers don't ship with static IPs enabled, but you should check to make sure. If you don't have a router and you're connecting straight to a modem, then that will be the DHCP server.

    Try to ping the router or modem from in your VM. If that works, try renewing the IP address for your VM. If it doesn't work, then you've got a problem with VBox's setup.

    In bridged mode you gotta be careful that you're using whatever interface the Name property says in VirtualBox's network settings window. If it's set to eth and you're using wifi then the VM's internet won't work, you'd have to set it to wlan... and vice versa.
     
  5. mirimir

    mirimir, Registered Member (Joined: Oct 1, 2011; Posts: 6,024)

    I do :)

    But I use nested chains of VPNs, rather than multiple independent VPNs. And they use virtual networks of pfSense VMs, not NAT or bridging to the host (except for the first VPNs in the chains).

    Some of my hosts run VMware, and some run VirtualBox. But I don't particularly care if someone can figure out which use one or the other. There are many users for each. Qubes would be more unique, I admit ;)

    I'm not aware of anything that leaks unique host information to VMs. And I'm not aware of anything in guest additions that does that. You do want to avoid shared clipboard and USB, and be very careful using shared folders.

    Well, you want to prevent leaks if the VPN connection goes down. I'm not aware of any other flaws in OpenVPN or IPSec. PPTP is useless, of course. As long as the VPN provider doesn't compromise you, and there are no leaks, the major threats are traffic analysis, browser fingerprinting, browser exploits and phone-home malware. But those aren't VPN problems, per se.
     
  6. mirimir

    mirimir, Registered Member (Joined: Oct 1, 2011; Posts: 6,024)

    In VirtualBox, NAT is much easier than bridging. As awkwardpenguin said, with bridging you must use an adapter that's actually connected. As you got on the VirtualBox forum, that adapter either needs to see a DHCP server (on LAN or WLAN) or have an appropriate static IP (much harder to get right).

    Using VirtualBox NAT, VPN clients on the VM should just connect.
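
Added example, not part of the thread: a small Python check for the settings shuverisan and mirimir warn about (shared clipboard, drag and drop, USB, shared folders, bridged adapters), run over the text that `VBoxManage showvminfo <vm> --machinereadable` prints. The sample input is constructed, and the key names are assumed from what VirtualBox prints; they can differ between versions.

```python
import re

# Constructed sample of `VBoxManage showvminfo <vm> --machinereadable` output;
# key names are an assumption and can differ between VirtualBox versions.
SAMPLE = """\
name="research-guest"
nic1="bridged"
bridgeadapter1="wlan0"
macaddress1="080027A1B2C3"
clipboard="bidirectional"
draganddrop="disabled"
usb="on"
SharedFolderNameMachineMapping1="docs"
SharedFolderPathMachineMapping1="/home/user/docs"
"""

def parse_vminfo(text):
    info = {}
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if sep:  # skip lines that are not key=value pairs
            info[key.strip().strip('"')] = value.strip().strip('"')
    return info

def audit(info):
    """Return (setting, issue) pairs for host/guest sharing and LAN exposure."""
    findings = []
    for key in ("clipboard", "draganddrop"):
        mode = info.get(key, "not reported")
        if mode != "disabled":  # fail closed when the key is missing
            findings.append((key, f"host/guest sharing is {mode}"))
    for key in ("usb", "ehci", "xhci"):
        if info.get(key) == "on":
            findings.append((key, "USB controller enabled"))
    for key, value in info.items():
        if key.startswith("SharedFolderName"):
            findings.append((key, f"shared folder '{value}' is mapped"))
        nic = re.fullmatch(r"nic(\d+)", key)
        if nic and value == "bridged":
            mac = info.get(f"macaddress{nic.group(1)}", "")
            note = "guest MAC appears on the LAN (DHCP, access point logs)"
            if mac.upper().startswith("080027"):
                note += "; 08:00:27 is VirtualBox's default MAC prefix"
            findings.append((key, note))
    return findings

if __name__ == "__main__":
    for setting, issue in audit(parse_vminfo(SAMPLE)):
        print(f"{setting}: {issue}")
```
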
     