12

Possible Duplicate:
How secure are virtual machines really? False sense of security?

E.g. on Ubuntu/Fedora - if I have VirtualBox installed and I'm running guests in it, then how can I make it harder for an attacker to get access to the VirtualBox host from the VirtualBox guests?

e.g.:

  • If we set a NATed network card in VBox, then the VBox guest can't see the VBox host in its network, at Layer 3 & Layer 2, hurrah!
  • Run VirtualBox with a different user?
LanceBaynes

1 Answer

11

Here are some basic steps that I follow when I'm testing in a virtual environment.

Step one: use an operating system that differs from the one being virtualized. If you're running Linux virtual machines, use the Windows VirtualBox installation. Note: I have never seen actual evidence that this helps, but I have always done it simply to stay on the safe side.

Step two: I don't have as much experience with VirtualBox in particular with this, but make sure to disable any host/client shared directories, do not install VirtualBox Additions on the host, and configure any other available options which help segregate/sandbox the virtual machine.

Step three: Properly set up your network. Make sure that, at a minimum, the host's subnet and the VM's subnet are segmented. By segmentation I mean that there is security and controls between the two networks (i.e. firewall, ACLs, etc.). One may even take it as far as not persistently networking the host machine; set up one NIC as management that isn't plugged in until you need to actually interface with the hypervisor, and connect the VMs through other NICs.

This is pretty universal for any virtual environment. Something else I would do is research exploits regarding VirtualBox. Can you find exploits that let you DoS the host via the guest? Exploits that let you break into a host terminal/console? Etc.? If you find these exploits, configure the "hardened" virtual environment and then give them a try; see if they work.

The rest all depends on what you want to do with the machine. If you just want it to be as secure as possible, then most of the work will be on the guest side of the puzzle, making sure that the OS is secure. If you want to set up a pen-test lab, then those steps should leave you at a good place to start throwing together some scenarios. If you want to tell us what you were thinking of in particular, we can give you some more help.

Iszi
Ormis
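An added example, not part of the answer above: a small host-side audit of the settings named in steps two and three (shared folders, guest/host integration, NIC attachment). It assumes the `key="value"` lines printed by `VBoxManage showvminfo <vm> --machinereadable`; the key names used here (`nicN`, `clipboard`, `draganddrop`, `SharedFolderPathMachineMappingN`) are assumptions to check against your VirtualBox version, and the sample output is constructed.

```python
import re
import subprocess
import sys

# Constructed sample of `VBoxManage showvminfo <vm> --machinereadable` output.
SAMPLE = '''name="lab-guest"
nic1="nat"
nic2="bridged"
nic3="none"
clipboard="bidirectional"
draganddrop="disabled"
SharedFolderNameMachineMapping1="work"
SharedFolderPathMachineMapping1="/home/user/work"
'''

LINE = re.compile(r'^"?([^"=]+)"?="?(.*?)"?$')


def parse(text):
    """Turn key="value" lines into a dict, dropping the surrounding quotes."""
    info = {}
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            info[m.group(1)] = m.group(2)
    return info


def audit(info):
    """Return one finding per setting that weakens guest/host separation."""
    findings = []
    for key, val in sorted(info.items()):
        if re.fullmatch(r"nic\d+", key) and val in ("bridged", "hostonly"):
            findings.append(f"{key}: {val} adapter puts the guest on a network shared with the host")
        elif key.startswith("SharedFolderPathMachineMapping"):
            findings.append(f"shared folder exposes host path {val}")
        elif key in ("clipboard", "draganddrop") and val != "disabled":
            findings.append(f"{key} is {val}, expected disabled")
    return findings


def vm_info(vm):
    """Query a real VM by name or UUID (requires VBoxManage on PATH)."""
    out = subprocess.run(["VBoxManage", "showvminfo", vm, "--machinereadable"],
                         capture_output=True, text=True, check=True).stdout
    return parse(out)


if __name__ == "__main__":
    info = vm_info(sys.argv[1]) if len(sys.argv) > 1 else parse(SAMPLE)
    for finding in audit(info):
        print("WARN", finding)
```

Run it with a VM name as the only argument to audit that VM; with no argument it audits the constructed sample.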