3

I don't really know anything about computers. I need to run a virtual Windows machine inside an Ubuntu system. My current setup uses a stripped down version of Windows XP on VirtualBox. I intend to use RDP (Remote Desktop Protocol) regularly to connect into the Ubuntu host.

Is it possible for a program (or user RDP'ing into the virtual Windows environment) to find anything about RDP activity into the host, specifically where it's originating?

If so, are there any settings I can toggle for either Linux, Windows or VirtualBox to prevent this activity from being detected? Or must I go with an entirely different virtualizer, choice of OS or setup altogether?

Rory Alsop
user5654
    See this prior question, which already covers the same ground: [How secure are virtual machines really? False sense of security?](http://security.stackexchange.com/q/3056/971). – D.W. Oct 30 '11 at 01:40

2 Answers

1

Your XP box should only be able to find out that it is a virtual machine (via hardware detection) and where the RDP connection appears to originate from. I say "appears" because this can be gotten around with technologies like Network Address Translation (NAT).

VMware might have a bug in their code that allows code from within the virtual environment to escape and run on the physical host. I feel that, in your case, you are probably (see @D.W.'s comment below) safe from that because you are running a different operating system.

Under a default install of VMware, it is possible for code on the virtual machine to attempt to connect to the physical host via SSH, SMB, or other similar network protocols, including RDP. The way to prevent this is to turn off networking entirely for the virtual machine. However, this will also prevent RDP from working. Short of disabling networking entirely, set the virtual machine to be in a host-only network and make sure that your Ubuntu firewall is turned on. Ubuntu should be set to reject all connection attempts from the XP machine.

Kevin M
    Useful answer. However: *"you are safe from that because you are running a different operating system"*: this is not accurate. If VMware has a bug that allows malicious code in the guest to escape and run in the host, then the fact that the host OS is different is not a reliable protection against attack. – D.W. Oct 31 '11 at 03:58
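
An added example, not part of the original answer or comments: a Python check for the Ubuntu host that lists which listening TCP services the guest could reach over a host-only network, which is the exposure the firewall advice above is meant to close. The host-only address `192.168.56.1` (VirtualBox's usual default) and the `ss -tln` sample are assumptions constructed for illustration.

```python
import ipaddress

# Assumption: host side of the host-only network (VirtualBox's usual vboxnet0 default).
HOST_ONLY_ADDR = ipaddress.ip_address("192.168.56.1")

# Protocols the answer names, by their standard TCP ports.
NAMED_PORTS = {22: "SSH", 139: "SMB", 445: "SMB", 3389: "RDP"}

# Constructed sample of `ss -tln` output from a hypothetical Ubuntu host.
SAMPLE_SS = """\
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port
LISTEN  0       128     0.0.0.0:22           0.0.0.0:*
LISTEN  0       5       127.0.0.1:631        0.0.0.0:*
LISTEN  0       50      192.168.56.1:445     0.0.0.0:*
LISTEN  0       2       *:3389               *:*
LISTEN  0       128     [::]:22              [::]:*
LISTEN  0       128     10.0.0.5:8080        0.0.0.0:*
"""

def split_endpoint(endpoint):
    """Split 'addr:port' as printed by ss, handling '*' and '[v6]' forms."""
    addr, _, port = endpoint.rpartition(":")
    return addr.strip("[]"), int(port)

def covers(bind_addr, target):
    """True if a socket bound to bind_addr accepts connections sent to target."""
    if bind_addr == "*":
        return True  # wildcard across address families
    addr = ipaddress.ip_address(bind_addr.split("%")[0])  # drop any %iface scope
    if addr.is_unspecified:
        # 0.0.0.0 covers all IPv4; [::] is counted only for IPv6 targets here.
        return addr.version == target.version
    return addr == target

def reachable_from_guest(ss_output, target=HOST_ONLY_ADDR):
    """Return sorted (port, label) pairs the guest could connect to."""
    found = set()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue  # skip the header and non-listening sockets
        bind_addr, port = split_endpoint(fields[3])
        if covers(bind_addr, target):
            found.add((port, NAMED_PORTS.get(port, "other")))
    return sorted(found)

if __name__ == "__main__":
    for port, label in reachable_from_guest(SAMPLE_SS):
        print(f"tcp/{port} ({label}) is reachable from the guest unless firewalled")
```

On a real host, pass the output of `ss -tln` in place of the sample; every port it reports is one the firewall has to reject for traffic arriving from the guest.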
1

Virtual machines use a virtual network device on the host machine to be able to route traffic into and out of the virtual machine. The host machine will be able to see the network activity of the virtual machine because the host is communicating on behalf of it. The virtual machine, on the other hand, may or may not be able to see host traffic depending on how it is set up. You can set it up as a bridge or a NAT'ed connection. If set up as a bridge, in most cases the virtual machine will be able to see traffic intended for the host. Setting it as a NAT connection will (by abstraction done by the chosen virtualizer software) prevent the virtual machine from seeing the traffic headed for the host (though the host will still see it).

Zeb