VM hardening

Discussion in 'sandboxing & virtualization' started by BoerenkoolMetWorst, Jan 23, 2011.

Thread Status:
Not open for further replies.
  1. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    3,764
    Location:
    Outer space
    I was searching online about hardening of VM's to prevent host infection if guest is infected. For example, shared clipboard is enabled by default, so the Guest OS can see the clipboard content if you copy something on your Host OS.
    I've found some interesting posts/links in this topic about VM hardening:
    http://communities.vmware.com/message/1164467

    However, most of them involve changing the advanced settings and the .vmx file, but I can't find Advanced settings anywhere, and the contents of my .vmx file are quite short. All those strings/keys mentioned are not in my .vmx file at all.

    Does somebody know more about this? Perhaps it's because I'm using the free VMware Player and it's limited?
     
  2. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    3,764
    Location:
    Outer space
  3. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    You add them to your .vmx file.

    example : add monitor_control.restrict_backdoor = "TRUE" to the vmx file (configuration file) when looking at malware

    although be mindful that you may be mixing hardening vms with breaking functionality.
     
    Last edited: Feb 4, 2011
  4. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    Don't know or ever looked at hardening my VM's but Host is always virtualised here.
     
  5. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    ...some options I may use depending on the setup apart from the vmx configuration,

    VMWare for Linux : (Linux host, Windows guest.)
    VMWare Fusion for my Mac : (Mac host, Windows guest.)
    VMWare Windows will run limited, shadowed, virtualised.
    Run on a dedicated machine.
    All vms are stored on their own harddisk.
    Backup.

    There's quite a bit you can do from configuring the vm through the vmx file, not installing vmtools to stripping out 'vmware related references.'
     
    Last edited: Feb 4, 2011
  6. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    3,764
    Location:
    Outer space
    Thank you for your replies. I tested adding the lines to the .vmx file and it works. If you want to disable the shared clipboard, be sure to change the string to disabled and the value TRUE instead of enabled and FALSE as the second doesn't seem to work correctly.
     
    Last edited: Feb 7, 2011
  7. wat0114

    wat0114 Guest

    Just run your VM in a limited host account. You could also try sandboxing (using SandBoxie) your VM. A member, ssj100 in this forum has successfully done that.
     
Thread Status:
Not open for further replies.