Hello, Giles. I have a couple questions about what you said.
On 5/9/2012 4:08 AM, Giles Coochey wrote:
> On 09/05/2012 09:52, Ingo Strüwing wrote:
>> Hi,
>>
>> Am 09.05.2012 09:29, schrieb John:
>>
>>> Hello. Is the environment of my guest OS secluded from the host OS in
>>> such a
>>> way that, if I get an intrusion or malware problem from the internet
>>> on my
>>> guest, my host OS would be totally secured from it? For example, if I
>>> put a
>>> website up on the guest and it gets compromised, can my host be
>>> affected? In
>>> a worse case scenario, could I just rebuild the guest, or restore from a
>>> clean backup?
>>
>> IMHO there is no "normal" way to get control over the host from a guest.
>> But in theory there might perhaps be bugs in the VirtualBox software
>> that could be exploited.
>>
> All my virtual hosts run with Internal Interfaces as far as networking
> is concerned, so there is no special network access that the guest has
> to the host system.
> There is a single interface (the external firewall interface) which is
> set to bridged on to the external interface of the host system.
If I understand you correctly, you said that the guest OS is able to see
only the external internet zone and that it has no connection, restricted or
otherwise, configured (or configurable by an exploit) allowing an interface
with your host. In other words, for all practical purposes, it is not part
of your LAN. Is that correct? Also, how is the bridged aspect of it helpful
in this regard and how did you accomplish that?
> My host system runs a iptables ruleset (this does not affect the bridged
> traffic, but does affect traffic from the Internet and to the host
> itself from the guests - they just appear as hosts on the Internet
> anyway),
Are you saying that your host can see the guest as if the guest were any
other external computer coming from the internet? If so, what does your host
see as the IP of the guest while it is recognized as an external computer
and vice-versa? Thanks.
> as well as a IDS (Intrusion Detection System).
Without going into any details, what system are you using for an IDS, if you
can say?
> My main concerns regarding guest --> host post-exploitation would be USB
> & CD / DVD passthrough - this is where the guest system has direct
> access to the hardware devices. VRDP sessions not using proper
> authentication (VRDP is considered a console session, not a remote
> session).
> There are also some security issues concerning with hardware 3D video
> acceleration - I don't really concern myself with these.
>
> My servers have no USB controllers, no CDROM passthrough and no 3D video
> acceleration. I do however run Guest Additions.
>
> There does appear to be some message passing capability between host and
> guest and vice versa, so some custom configurations might have the
> propensity to be exploited this way.
What types of messaging capability exist? Thanks.
John
------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
VBox-users-community mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/vbox-users-community
