Valvaris - Virtual Config.

[valvaris]

Hallo to all,

time for a new Config. and that one is a little of an overkill but still offers very good protection.

ATTENTION: The Infrastructure is a little different since the configuration is not normal for daily users! RAM: 16GB

For this Setup you need two NIC Cards and a Router / Switch that supports VLAN plus a little knowledge on Sub-netting for minimum Host /30 Network

What was my intention? Splitting the Network in two parts - One for the Hostsystem and one for VMWare. The Job of the VM-Image is Internet Browsing it has a Windows10 with local user (No Admin) Creators Update AV is Windows Defender with all Windows Settings Maxed - Smartscrenn, UAC and so on... plus VoodooShield - Windows Firewall configured that only allows HTTP and HTTPS from Firefox.

The Host-System is locked down with Kaspersky IS 2017 and configured that Applications have to be trusted to run properly. All browsers are Deactivated or Blocked by Rules (Hostsystem). This config. will have issues for Applications that use Browserhooks to run. (Gamelaunchers) If so a Rule is created for the Application to run properly and only for that type of Application.

Since the two systems are unknown from each other via VLAN those two are isolated in case something happens.

For the convenience of Browsing I use the Unity Mode in VMWare to have a nice experience.

(VMWare) No ShareFolders or Clipboard connection - Files are Shared via Router NAS function - USB Drive

What u guyz say about my config.?

Best regards
Val.

 

[Rengar]

Good Config!
Thanks for sharing it.

 

[mekelek]

this is some next level paranoia right here. and i thought i'm paranoid.

 

[Exterminator]

Secure config! Thanks for sharing it with us

 

[valvaris]

I am glad to help out. This Community gave so much inspiration on how some different malware types work and on allot of them there is quite some very good Documentation.

@Staff MalwareTips is it normal that I can not change the Prefix of the Title?

Sincerely
Val.

 

[Deleted member 178]

@Staff MalwareTips is it normal that I can not change the Prefix of the Title?

Prefix of this thread's title ? yes , because it is granted by the staff based on several criteria.

 

[valvaris]

Cool thanks @Umbra

Next Step is to write a Detailed Step-by-Step on how to configure it. For those that want an isolated System for the internet to browse ^^ With no limitations.

Best regards
Val.

 

[Deleted member 178]

Maybe you didn't know , but you are in a more "limited" way replicating Linux Qubes

 

[valvaris]

Hello @Umbra

just got to know Qubes but as is, this is very inconvenient even in a VM. Why is simple, need a separate machine to run Qubes as intended like a Tear1 Hypervisor - Then if I want to Browse need to Remote connect to it or have a second monitor to browse the internet.

With this VM config. It is similar to this but still ways more different! The Network is separated on two VLANs like that I can Isolate the Systems form each other. The Other Part is convenience have a snapshot of the VM and if the current VM is infected in anyway I just need to restore. The plus part is unity on VMware even if the two OperatingSystems are on the same Machine - Host and Guest - I have a little shortcut on my Taskbar for Firefox (example) and my VMstarts up with no critical data in it. Why not use DeepFreeze or such in a VM is simple... There is Malware out there that can avoid these technics. Is it better as Qubes, no it is not! But why not use a Linux distro in VM? For me personally I know little about Linux/Unix systems... But am very good in Windows OS. Why use Windows 10 64bit? Had a License. Strip everything Windows 10 has to offer and create a dump UserAccount that can not do anything! Windows Firewall Deny all and only Allow Firefox to communicate. (1337)

The major down part is massive overhead on RAM since both are 64bit OS 3 - 4 GB is reserved on the System!!! (Host OS 1,2 - 1,6GB and VM 2 GB)

So allot of RAM is needed if you want to play games and such... The other part what I try to script is snapshoting on start plus delete after shutdown. Like this the VM-Baseline is always 99,9% safe. (Need to figure out how?!)

EDIT: Got it to work Just create a Snapshot use that as Baseline and go in to Settings for the current VM --> Settings --> Snapshots --> Revert to snapshot on Shutdown! Now you will have a fresh start when you start and changes to it will not be saved! ^^

That is why I love being here you guyz just push me to my limit and it is allot of fun to learn more...

Thanks for that Umbra

Sincerely
Val.

 

[Deleted member 178]

I thought about your concept in the past but i didn't and still don't have the hardware to run a VM permanently

 

[S3cur1ty 3nthu5145t]

I have run something similar to this in the past, except it was a Linux Host and Windows 8.1 "before windows 10 came out"Guest machine. Now i run a modified version of this.

Windows 10 Pro Host with Windows default security and Appguard, Vmware with Windows 10 pro, also with default security and Appguard, mostly used for testing malware and appguard, also used for testing updates/upgrades to windows before hitting the host, and for researching on the net. I have Vmware placed in guarded apps of appguard to negate potential via memory exploits, the Guest machine fully Isolated from Host, and run a VPN in the Guest machine for that encrypted tunnel as well as ad tracker and malicious website blocking. This is done in Incognito mode of Chrome, with most of MS's Privacy settings disabled. I have a Base snapshot, and then its children for these different uses which can be reset at any given time. Appguard in both Host and Guest are configured and are locked down when i hit the ground running.