[nSLUG] Security in virtual machines

George White gnwiii at gmail.com
Thu Sep 11 19:18:19 ADT 2014


> On Sep 11, 2014, at 6:44 PM, Gerald Ruderman <linux at zdoit.airpost.net> wrote:
> 
> George,
> 
> That is a good observation and better idea than mine. Let me read that
> back to you.
> 
> Set up the VirtualBox host so that it just runs VB. The only Internet
> connections it makes are to keep its OS and Virtual Box up to date.
> 
> Create one VM for normal Internet use. Create another VM for just
> financial use. Don't share directories or have network connections
> between the two.
> 
> Do I understand your suggestion?
> 
> Gerald

That's 90%, you can add another 9% by going to locked down (TLA) configuration.  There should be guides to more secure configurations than default at places like sans.edu, and you might want to choose a distro with hardened configs, e.g, centos for the 
> 
>> On 9/11/14 16:45, George White wrote:
>> 
>>> On Sep 11, 2014, at 1:20 PM, Gerald Ruderman <linux at zdoit.airpost.net> wrote:
>>> 
>>> I am using VirtualBox to run some virtual machines. Wanting more
>>> security for my financial tasks I wonder how much I would gain if I
>>> create a virtual machine that is only used for financial tasks. What
>>> would IO gain if I had a dedicated computer I only used for money matters.
>> 
>> If the host gets rooted the VMs are at risk.  Keep the host away from internet sites -- we have seen that even big name sites can serve malware so best to do web stuff in a VM, with different VMs to limit damage and using care with cross connections.
>> _______________________________________________
>> nSLUG mailing list
>> nSLUG at nslug.ns.ca
>> http://nslug.ns.ca/mailman/listinfo/nslug
> _______________________________________________
> nSLUG mailing list
> nSLUG at nslug.ns.ca
> http://nslug.ns.ca/mailman/listinfo/nslug


More information about the nSLUG mailing list