On 09/05/2012 09:52, Ingo Strüwing wrote:
> Hi,
>
> On 09.05.2012 09:29, John wrote:
>> Hello. Is the environment of my guest OS secluded from the host OS in such a way that, if I get an intrusion or malware problem from the internet on my guest, my host OS would be totally secured from it? For example, if I put a website up on the guest and it gets compromised, can my host be affected? In a worst-case scenario, could I just rebuild the guest, or restore from a clean backup?
>
> IMHO there is no "normal" way to get control over the host from a guest. But in theory there might perhaps be bugs in the VirtualBox software that could be exploited.

All my virtual hosts run with Internal Interfaces as far as networking is concerned, so there is no special network access that the guest has to the host system. There is a single interface (the external firewall interface) which is set to bridged on to the external interface of the host system. My host system runs an iptables ruleset (this does not affect the bridged traffic, but does affect traffic from the Internet and to the host itself from the guests - they just appear as hosts on the Internet anyway), as well as an IDS (Intrusion Detection System).

My main concerns regarding guest --> host post-exploitation would be USB & CD / DVD passthrough - this is where the guest system has direct access to the hardware devices. VRDP sessions not using proper authentication (VRDP is considered a console session, not a remote session). There are also some security issues concerning hardware 3D video acceleration - I don't really concern myself with these.
My servers have no USB controllers, no CDROM passthrough and no 3D video acceleration. I do however run Guest Additions.
There does appear to be some message passing capability between host and guest and vice versa, so some custom configurations might have the propensity to be exploited this way.
-- Best Regards, Giles Coochey, CCNA Security, CCNA NetSecSpec Ltd [email protected] Tel: +44 (0) 7983 877 438 Live Messenger: [email protected] http://www.netsecspec.co.uk http://www.coochey.net
_______________________________________________ VBox-users-community mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/vbox-users-community
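
The guest-to-host surfaces named in the reply above (USB passthrough, VRDP without authentication, 3D acceleration, host/guest message passing) can be checked per VM from the host. This is an added example, not part of the original thread: the key names (`usb`, `vrde`, `vrdeauthtype`, `accelerate3d`, `clipboard`) are assumed to match the output of `VBoxManage showvminfo <vm> --machinereadable` and may differ between VirtualBox versions, and the VM name and sample output are constructed.

```shell
#!/bin/sh
# Constructed sample of `VBoxManage showvminfo web01 --machinereadable` output.
# Key names are assumptions; compare against your VirtualBox version.
SAMPLE_VMINFO='name="web01"
usb="on"
vrde="on"
vrdeauthtype="null"
accelerate3d="off"
clipboard="disabled"'

# Return the value of one key="value" pair from machine-readable text in $1.
vminfo_get() {
    printf '%s\n' "$1" | sed -n "s/^$2=\"\(.*\)\"\$/\1/p" | head -n 1
}

# Print one finding per line for each enabled guest-to-host surface.
audit_vminfo() {
    info=$1
    if [ "$(vminfo_get "$info" usb)" = "on" ]; then
        echo "usb: USB controller enabled (device passthrough possible)"
    fi
    if [ "$(vminfo_get "$info" accelerate3d)" = "on" ]; then
        echo "accelerate3d: hardware 3D acceleration enabled"
    fi
    # VRDP is served by the remote display server (vrde key).
    if [ "$(vminfo_get "$info" vrde)" = "on" ] &&
       [ "$(vminfo_get "$info" vrdeauthtype)" = "null" ]; then
        echo "vrde: remote display enabled with authentication type null"
    fi
    # Clipboard sharing is one host/guest message-passing channel.
    case "$(vminfo_get "$info" clipboard)" in
        ""|disabled) ;;
        *) echo "clipboard: host/guest clipboard sharing enabled" ;;
    esac
    return 0
}

# Live use on a host with VirtualBox installed:
#   audit_vminfo "$(VBoxManage showvminfo web01 --machinereadable)"
audit_vminfo "$SAMPLE_VMINFO"
```

An empty result means none of the checked surfaces is enabled for that VM; it does not cover shared folders or CD/DVD passthrough.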
