VMWare

Data that travels over the air and how to protect (or decipher) it

VMWare

Post by SledgePalm on Sun Jul 14, 2013 12:26 pm
([msg=76452]see VMWare[/msg])

Hey,

I had to set up a virtual machine for work, but I only did it as a computer they can store on a thumb drive and open it on any host computer anywhere with out actually taking the host with them.

But I was wondering about the security benefits it might have. I have done some reading and I know that VMs are used a lot for virus protection but can make you at least somewhat more unanimous?

Thanks,
Sledge
SledgePalm
New User
New User
 
Posts: 6
Joined: Wed Jun 05, 2013 6:22 pm
Blog: View Blog (0)


Re: VMWare

Post by mShred on Sun Jul 14, 2013 12:35 pm
([msg=76453]see Re: VMWare[/msg])

Well I've used VM's a lot for running potentially harmful things. Say I need to download some sort of sketchy software, download and run it in the VM and check to see if it's flagged or not. But it seems like your purpose is kind of the opposite. It doesn't necessarily add in any more security than a normal computer would. The biggest thing is that it keeps your VM and your physical computer separate. If one gets infected, the other will be fine.
Other than that, idunno. Not really sure what kind of security benefits you're looking for with it.
Image

For those about to rock.
User avatar
mShred
Administrator
Administrator
 
Posts: 1766
Joined: Tue Jun 22, 2010 4:22 pm
Blog: View Blog (2)


Re: VMWare

Post by SledgePalm on Sun Jul 14, 2013 1:55 pm
([msg=76459]see Re: VMWare[/msg])

I knew that it would protect from virus and the like. I just wondered if it did anymore.

Is there the risk the someone that makes malicious software would expect a VM to be used and therefor create a virus that can be transferred from the VM to the host? (not including if the files are shared)

Also, the only free Vm I know of is VMWare player. if you don't mind me asking, what do u use?
SledgePalm
New User
New User
 
Posts: 6
Joined: Wed Jun 05, 2013 6:22 pm
Blog: View Blog (0)


Re: VMWare

Post by centip3de on Mon Jul 15, 2013 1:58 pm
([msg=76483]see Re: VMWare[/msg])

SledgePalm wrote:I knew that it would protect from virus and the like. I just wondered if it did anymore.

Is there the risk the someone that makes malicious software would expect a VM to be used and therefor create a virus that can be transferred from the VM to the host? (not including if the files are shared)

Also, the only free Vm I know of is VMWare player. if you don't mind me asking, what do u use?


I've yet to see any type of malicious software that can detect whether it's in a VM or not, let alone escape it. Also, I'd check out VirtualBox if you're looking for a good free VM.
Programming today is a race between software engineers striving to build bigger and better idiot-proof programs, and the Universe trying to produce bigger and better idiots. So far, the Universe is winning. -Rick Cook
User avatar
centip3de
Moderator
Moderator
 
Posts: 1443
Joined: Fri Aug 20, 2010 5:46 pm
Blog: View Blog (0)


Re: VMWare

Post by 0phidian on Mon Jul 15, 2013 7:26 pm
([msg=76486]see Re: VMWare[/msg])

centip3de wrote:I've yet to see any type of malicious software that can detect whether it's in a VM or not, let alone escape it.


There was cloud burst.

https://en.wikipedia.org/wiki/Virtual_machine_escape
In 2008, a vulnerability (CVE-2008-0923) in VMware discovered by Core Security Technologies make VM escape possible on VMWare Workstation 6.0.2 and 5.5.4. A fully working exploit labeled Cloudburst was developed by Immunity Inc. for Immunity CANVAS (commercial penetration testing tool). Cloudburst was presented in Black Hat USA 2009
User avatar
0phidian
Poster
Poster
 
Posts: 270
Joined: Sat Jun 16, 2012 7:04 pm
Blog: View Blog (0)


Re: VMWare

Post by FunctionCreep on Wed Jul 17, 2013 6:56 pm
([msg=76515]see Re: VMWare[/msg])

centip3de wrote:
SledgePalm wrote:I knew that it would protect from virus and the like. I just wondered if it did anymore.

Is there the risk the someone that makes malicious software would expect a VM to be used and therefor create a virus that can be transferred from the VM to the host? (not including if the files are shared)

Also, the only free Vm I know of is VMWare player. if you don't mind me asking, what do u use?


I've yet to see any type of malicious software that can detect whether it's in a VM or not, let alone escape it. Also, I'd check out VirtualBox if you're looking for a good free VM.


Detecting whether you're in a VM is possible by gathering information on drivers/services that are typically running on a VM. It's follows pretty much the mindset behind debugging-evasion. As to escaping a VM, although tricky, various exploits have surfaced for a bunch of hypervisors (VMware, XEN, XBOX360 come to mind) throughout the years.

There was this talk over at black-hat CON '12 last year (https://www.blackhat.com/html/bh-us-12/ ... tml#Branco) but unfortunately I haven't been able to find the presentation itself.
"I hope for nothing. I fear nothing. I am free." ~ Nikos Kazantzakis
User avatar
FunctionCreep
Experienced User
Experienced User
 
Posts: 92
Joined: Tue May 18, 2010 6:19 pm
Blog: View Blog (0)


Re: VMWare

Post by LoGiCaL__ on Thu Jul 18, 2013 8:06 pm
([msg=76530]see Re: VMWare[/msg])

Hmmm, I know some VM's map the drive from the physical computer to the actual vmware. Probably a setting and not so secure. If you can find info on the drives like mentioned above I don't see why it wouldn't be able to transmit malicious software from the VM.
User avatar
LoGiCaL__
Addict
Addict
 
Posts: 1063
Joined: Sun May 30, 2010 12:33 pm
Blog: View Blog (0)


Re: VMWare

Post by DarkBox121 on Wed Feb 12, 2014 1:25 am
([msg=79433]see Re: VMWare[/msg])

VMWare datastores could be local or they could be LUNs via iSCSI.

Internet based networks, like hosts you find on Web Hosting Talk, are probably using physical disks where larger data centers or Enterprise networks will go iSCSI.

If its mapped via iSCSI then enabling CHAP, iSNS and or a LDAP Domain - all thrawt hacking in their own way.
iSCSI networks also run off a seperate VLAN.

Honestly though, if you can get into a server who cares what security someone has on storage.

To your original point, having open access to VMWare over the WAN is not such a good idea. You can restrict access to an IP either by a hardware or software ACL and limit ports to essentials for operations. Most of the VM software today is Linux based so make sure to disable SSH unless your doing maintenance.

VMWare is definitely able to be hacked. You can run exploits from a command line and if the host happens to be in a domain (and you have authorization) you can access the host via VMWare CLI and enable SSH or other services to have a look at the VMs. Copy some VMDK files or do whatever.

Personal Favorites - VMWare and SolusVM

E: Also the OS has to sit somewhere and its generally a USB or physical disks in the VM Host
DarkBox121
New User
New User
 
Posts: 1
Joined: Wed Feb 12, 2014 12:27 am
Blog: View Blog (0)


Re: VMWare

Post by Goatboy on Wed Feb 12, 2014 1:54 am
([msg=79434]see Re: VMWare[/msg])

Last post was Thu Jul 18, 2013 at 7:06 pm

Let it die.
Assume that everything I say is or could be a lie.
1UHQ15HqBRZFykqx7mKHpYroxanLjJcUk
User avatar
Goatboy
Expert
Expert
 
Posts: 2823
Joined: Mon Jul 07, 2008 9:35 pm
Blog: View Blog (0)



Return to Networking

Who is online

Users browsing this forum: No registered users and 0 guests