How do I secure a vm?

LukeLovesSecurity · Aug 16, 2017

I would usually use Virtual Box when going in dangerous situations, however for my next tests I will be using the deadliest of deadly malware, exploits, and viruses. How do I ensure nothing bypasses my vm?

AlanOstaszewski · Aug 16, 2017

You should use a VPN while testing. You shouldn't activate in Virtual Box settings like "Drag & Drop". Create a restore point (of the VM image) before testing.

Winter Soldier · Aug 16, 2017

Usually the VM offers a high security standard, it is quite difficult for a malware can break the isolation by running malicious code on the host system (if you don't enable the shared folders and "drag and drops" like said above).
It is true that some specific vulnerabilities could allow this, but:

1) Generally these vulnerabilities are fixed in a fast enough way.
2) A malware that can exploit unpatched vulnerabilities, has to be designed just for this specific purpose.... objectively very difficult.

Of course, who is testing malware, he is playing with fire, and the risk exist, nothing is 100% safe in this context, but in my experience no malware has escaped my VM.

lab34 · Aug 16, 2017

Hello,
network in NAT mode for a better isolation
Chapter 6. Virtual networking

JHomes · Aug 16, 2017

Basically limit the networking and sharing features. Ensure it's on it's own.

LukeLovesSecurity · Aug 17, 2017

lab34 said:
Hello,
network in NAT mode for a better isolation
Chapter 6. Virtual networking

If I use NAT mode, will my vpn on my host machine still anonymize all my vm traffic?

lab34 · Aug 17, 2017

LukeLovesSecurity said:
If I use NAT mode, will my vpn on my host machine still anonymize all my vm traffic?

Hello,
yes, NAT mode just ensure that your VM and your host are isolated, except for the VM>Internet link. But you are reaching internet the same way, in bridge or NAT. If your VPN is ON inside the VM, you go through the VPN. If the VPN is OFF, you are exposing your public IP.

On the link: Chapter 6. Virtual networking check the "Table 6.1. Overview"

Stenly · Aug 23, 2017

Also, run the vm in a sandboxed envonriment

LukeLovesSecurity · Aug 24, 2017

lab34 said:
Hello,
yes, NAT mode just ensure that your VM and your host are isolated, except for the VM>Internet link. But you are reaching internet the same way, in bridge or NAT. If your VPN is ON inside the VM, you go through the VPN. If the VPN is OFF, you are exposing your public IP.

On the link: Chapter 6. Virtual networking check the "Table 6.1. Overview"

So I would have to have the VPN inside the VM aswell? Or am I covered if I just use it on my host?

lab34 · Aug 26, 2017

LukeLovesSecurity said:
So I would have to have the VPN inside the VM aswell? Or am I covered if I just use it on my host?

Hello,
To be honest, I did not test with the VPN on the host. I did all my tests with the VPN inside the VM, in NAT mode, and no VPN on the host.
I'm using the Windscribe windows client in the VM.

Search

Search

How do I secure a vm?

LukeLovesSecurity

Level 4

AlanOstaszewski

Level 16

Winter Soldier

Level 25

lab34

Level 6

JHomes

Level 7

LukeLovesSecurity

Level 4

lab34

Level 6

Stenly

Level 1

LukeLovesSecurity

Level 4

lab34

Level 6

You may also like...