Security about VirtualBox

[Leloup78]

Bonjour,

I wonder about security when using virtual machines. I would like to know if there is a site or a topic in this forum dealing with this sensitive subject.
As for me, I use Win10 for the host and Linux Mint for the guest.

Regards,

Leloup78

[scottgus1]

There's no specific forum topic that I know of. Let's make a customized one here. What's your question(s)?

[Leloup78]

Bonjour,

In fact, I need some advice.
I had read somewhere that using virtual machines requires extra precautions in terms of security.
What do you recommend?
- encryption of VirtualBox?
- encryption of the guest?
- VPN at guest level?
- other?
Regards,
Leloup

[mpack]

I had read somewhere that using virtual machines requires extra precautions in terms of security.

Talking in generalities is rarely useful. Who said that, and what exactly is the problem envisaged? I don't see how we can answer a question without knowing what the question is.

A VM can be thought of as two PCs with a secure connection between them. I'm not aware that the second PC being a VM makes it require any special precautions. Entirely usual precautions should be fine, or less if the second PC has no Internet.

[scottgus1]

+1 to Mpack's thoughts. You need to be more specific on what you're worried about. Web-searches on VM security in general might help you.

encryption of VirtualBox?

Can't be done, unless you encrypt the whole host.

encryption of the guest?

Can be done, but:

Encryption is only a way to prevent folks from stealing your data when the computer is off. When the computer is on, encryption is decrypted on the fly, and malware can get at your data. So encryption does not protect against malware.

Like Mpack points out, if you consider a VM as another computer in your network, and you secure it using the usual methods you'd use on a regular PC, then you'd be OK.

[Leloup78]

It was a conference held by a network manager at Nokia. A specialist if you will who manages several data centers. I don't remember his name. It doesn't matter. It's just to serve as an introduction.
Malware that steals files from your PC does exist. I don't know the sizes of the ones you use but my VMs are from 20GB to 40GB. With fiber, today, it takes 10 minutes at most. It's easier than on a traditional PC where locating files is more difficult. Guest encryption can help protect. If a malicious software places a sniffer on the host, you may have to think about installing a VPN directly on the guest.
These are just a few examples, but hackers are not short of ideas. I'm not looking to get perfectly secure. It's a dream, but I'm trying to improve my system to force hackers to spend a lot of time to achieve it.
Regards,
Leloup

[mpack]

Malware that steals files from your PC does exist.

Granted, but the question was about the special precautions needed for a VM. All of the concerns you mention apply regardless of what kind of hardware your PC has.

If this scenario supposed that your host is already infected by malware (since I don't see how else an entire VM can be stolen) then the presence of a VM seems rather irrelevant. I don't know about you, but everything of value on my PCs is in fact on the host. If you have access to my host then you don't need the VMs.

But... I should also say that if you allowed such malware to be installed on the host PC then your security practices are sadly lacking!

[AndyCot]

Better to hire a IT security expert.

[Leloup78]

Bonjour,
There are a few tips that can be given:
General:
When creating custom virtual machine images, apply the latest updates.
Ensure that virtual machines are always up to date.
Back up your virtual machines.
Use multiple virtual machines for resiliency and availability

Data security:
Encrypt operating system disks.
Encrypt data disks.
Limit the number of installed software.
Use anti-virus or anti-malware software. In my case, it will be on the host.
Store secrets and keys securely.

Networking:
Restrict access to management ports
Restrict network access.

Regards,
Leloup

[scottgus1]

Good ideas! All of which are applicable to every computer, physical or virtual.

Note that host AV can theoretically (quite likely actually) read into the VM's memory and disk space and interfere with the VM's data. Which is a problem, because the host AV doesn't tell the VM OS it's modifying the VM's data, so the VM OS may crash.

Better to tell the host AV to stay out of the VMs, and run separate AV inside each VM.

Note still that encryption will only prevent data loss when the computer, physical or virtual, is turned off. When the computer is on, encryption is decrypted, and data is readable/stealable.

[Leloup78]

I suppose AV = Anti Virus

[scottgus1]

Yes.

[Leloup78]

Bonjour,
I don't know if this is a new idea. It would be to use sandboxes in the host that would contain the virtual machines. This way, the machines would be inaccessible to the Anti Virus and to attacks coming from intrusions on the host.
With Linux, this already exists but with Windows, as in my case, I don't know if there are sandboxes.
Regards,
Leloup78

[Leloup78]

Bonjour,
I found this link.
https://github.com/sandboxie-plus/Sandboxie/
It seems interesting but the explanations are rather sketchy.
https://sandboxie-plus.github.io/sandboxie-docs/
Have you ever used this application? I haven't at all.
You can put a virtual machine in a sandbox but then you have to set it up. A whole program.
To try...

Regards,
Leloup78

[mpack]

A VM is already a kind of sandbox. Putting one sandbox inside another... I fail to see the point.