2

The Question:
Are there any major security risks I should be concerned about, caused by installing Windows Server 2008 R2 onto a Linux Host in VirtualBox?

I run an Ubuntu box, with a fully-secured iptables setup, which blocks all external traffic except for one or two ports which run an OpenSSH server (which requires key-based authentication only), but am curious as to whether any other security risks are apparent which I should be concerned about.

Info about use of the Windows Server 2008 setup:
This is a dev environment, being set up for SharePoint Foundations, along with full SQL Server 2008 (latest version). Myself and two other machines on my network (which are also owned by me) would be accessing the system from an internal network. No external internet access is necessary, but internal network access is (already handled by an iptables rule to allow connections into the host machine)

AviD
  • 72,138
  • 22
  • 136
  • 218
Thomas Ward
  • 731
  • 1
  • 7
  • 24

2 Answers2

5

Chris is basically there I think.

In my opinion, the best way to treat virtual machines is to not think of them as virtual machines but actual physical computers, with the advantage of being able to image them faster. Ask yourself if you installed another physical windows box on your local LAN what problems it would introduce. Consider that it needs the same defences.

The reason for this is that the temptation is to trust all network communications from a VM and think "it's a VM, so it is secure". Provided you realise you need some level of protection for the VM too as it can attack your host and your host can attack it if either is exploited, mostly, you should be fine.

There is current research into red pill techniques, as in "escaping the matrix". The idea is that if you can exploit a bug in the virtualisation hardware/software from the guest you might be able to exploit the host. Right now, I don't think that is much more than a research/theoretical/lab conditions issue, but I expect given the sheer amount of virtualisation going on, it will eventually be something we have to contend with.

I and others have answered some other points on the question of using virtual machines as a security measure for desktops, which might also interest you.

Community
  • 1
  • Upvotes to both of ya, but because you went into a bunch more detail, Ninefingers, I'm marking your answer as accepted. Thanks for the response. – Thomas Ward Aug 01 '11 at 19:16
3

In theory anything that adds attack surface is a risk. You're adding attack surface - so adding risk. As you're only accessing the Windows machine from the internal network, the risk is reduced. Your biggest enemy will be viruses that propagate on the LAN from one infected host to another. Unless you start webbrowsing from the Windows server, then you're opening a whole new box of risks.

chris
  • 3,000
  • 14
  • 22
  • 1
    Why would a sharepoint server get a virus? If you did, I'd say [you're doing it wrong](http://xkcd.com/463/). Also, I think you may be confused between "virus" and "worm". But still, +1 for the first half of the answer - adding risk by increasing attack surface is really the only answer. – AviD Jul 27 '11 at 21:18