How to restrict some Networking Modes?

Post by chablet » 30. Jul 2021, 01:25

Due to some security concerns, my company is removing VirtualBox VM from all machines.
The claim is that having "Bridged networking" available bypasses some network controls (i.e. AD-based firewall settings in Windows 10).

Is there a way (via Registry Settings for example) to restrict some of the Networking Modes?
This way, admin people can reduce "the risk" by disabling configurations like Bridged networking.
chablet
 
Posts: 1
Joined: 29. Jul 2021, 18:15

Re: How to restrict some Networking Modes?

Post by scottgus1 » 30. Jul 2021, 03:21

Bridged will bypass the host OS's network stack completely, if I understand correctly. See Virtualbox Networks: In Pictures: Bridged Adapter

Virtualbox can be installed without Bridged networking. If your IT dept has sufficient control of what and how programs get installed on the computers, it can turn off Bridged during Virtualbox installation or upgrade, then no VMs can Bridge.

I understand it is also possible to configure a fancy-enough network switch to not allow more than one computer to network through the switch port, which would also block Bridged, since Bridged VMs would appear as separate computers to the network. This setup is controlled in the switch's configuration, not by Virtualbox settings or installation, and might be even more controllable than setting Virtualbox installation parameters.

NAT and NAT Network do go through the host PC's network stack, so they should comply with host networking restrictions.
scottgus1
Site Moderator
 
Posts: 13296
Joined: 30. Dec 2009, 20:14
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Windows, Linux
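
Added example, not part of the thread and not VirtualBox's own code: a Python audit that checks the outcome described in the post above (no VM can bridge) by flagging every registered VM that has a NIC in bridged mode, together with the guest MAC a switch port would see. It assumes `VBoxManage` is on PATH (or its full path is passed in); the sample output and the VM name `dev-win10` are constructed.

```python
import re
import shutil
import subprocess

# Constructed sample of `VBoxManage showvminfo <vm> --machinereadable` output.
SAMPLE_VMINFO = '''name="dev-win10"
nic1="nat"
nic2="bridged"
bridgeadapter2="Intel(R) Ethernet Connection I219-LM"
macaddress2="080027A1B2C3"
'''
KV = re.compile(r'^([A-Za-z0-9_-]+)="?(.*?)"?$')

def parse_vminfo(text):
    """Turn the key="value" lines into a dict (lines of any other shape are skipped)."""
    info = {}
    for line in text.splitlines():
        m = KV.match(line.strip())
        if m:
            info[m.group(1)] = m.group(2)
    return info

def bridged_nics(info):
    """Return sorted (slot, host adapter, guest MAC) for each NIC in bridged mode."""
    hits = []
    for key, mode in info.items():
        m = re.fullmatch(r"nic(\d+)", key)
        if m and mode == "bridged":
            n = m.group(1)
            hits.append((int(n), info.get("bridgeadapter" + n, ""),
                         info.get("macaddress" + n, "")))
    return sorted(hits)

def audit_host(vboxmanage="VBoxManage"):
    """Map VM name -> bridged NICs. VMs are registered per user profile, so
    run this as each user who owns VMs. Returns {} if VBoxManage is not found."""
    if shutil.which(vboxmanage) is None:
        return {}
    def run(*args):
        return subprocess.run([vboxmanage, *args], capture_output=True, text=True).stdout
    report = {}
    for name, uuid in re.findall(r'^"(.*)" \{([0-9a-f-]+)\}$', run("list", "vms"), re.M):
        nics = bridged_nics(parse_vminfo(run("showvminfo", uuid, "--machinereadable")))
        if nics:
            report[name] = nics
    return report

if __name__ == "__main__":
    print("sample:", bridged_nics(parse_vminfo(SAMPLE_VMINFO)))
    print("host:  ", audit_host())
```
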

Re: How to restrict some Networking Modes?

Post by BillG » 30. Jul 2021, 09:34

I would certainly think that is the way to attack the problem. It would prevent the vm from all direct access to the company LAN. The only way it can access the network is through the host's LAN connection. Any attempt to use bridged mode would fail, since bridged mode requires the vm to have its own port so that it can acquire its own IP etc from the DHCP server on the LAN.

We occasionally see posts on the forum from users on corporate LANs who cannot get bridged mode to work, and "one port per connection" settings on the switch are usually the cause.
Bill
BillG
Volunteer
 
Posts: 4840
Joined: 19. Sep 2009, 04:44
Location: Sydney, Australia
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Windows 7,8,Server

Re: How to restrict some Networking Modes?

Post by mpack » 30. Jul 2021, 10:47

This seems excessive to me, or based on a misunderstanding.

E.g. at my work it simply isn't possible to use Bridged Networking to access the company LAN, because the VM would be seen like any other unknown PC: not on the whitelist pal, byeee! I would be amazed if your office LAN allows unknown laptops to connect to anything.

Disabling the bridged feature would be like asking guests to disable their WiFi. Yes you could do it, but it's hardly a substitute for actual security.

What is the goal here? Is it securing the LAN, or is it stopping employees visiting questionable sites on company time?
mpack
Site Moderator
 
Posts: 34723
Joined: 4. Sep 2008, 17:09
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Mostly XP
