VMware Communities : Document List - Security & vShield Zones

vmware + truecrypt for fully encrypted windows OS?

Fri, 21 Aug 2009 20:27:42 GMT

started from thread on truecrypt forums: http://forums.truecrypt.org/viewtopic.php?p=22979

my question from there repeated for convenience:

if I do the following, will any traces be left on my machine at all?

create a truecrypt volume. mount it, and create a vmware partition for a new operating system on the truecrypt volume. if I boot up the vmware operating system (which only has access to the truecrypt section of the hard drive), would any traces of my activity be left behind? what about with the swap/page file in the native OS?

there responses seem to indicate "there's no way that'd work." is that accurate? can I configure vmware to do what I want? if so, how do I go about it?

Encrypting the VM volume is not really the answer here.
What you need to do is seal up the OS (inbound and outbound) within itself.
This will give you the self protecting layer you require.

Encrypting the vm volume will only stop other volumes/ hosts accessing it, not control the effects you are talking about in your thread.

Good luck.

Hello!
Could you please be more specific on how this should/could be done?

P.S.: Merry Christmas!

VMware products can create files outside the VM's directory, but you can play with the tmpDirectory field to control that.

However, the larger problem of the swap/pagefile containing traces of your activity remains intact. This is an operating systems shortcoming, not a VMware one.

I haven't tried, but if you gave the VM 100% reservation of the memory would it not create the swap file? Thus securing the VM from the host perspective?

when you give th VM 100% reservation a zero byte sized swap file is created

There are other traces left besides the swapfile
There are traces in the different logs (vmkernel,hostd,...).
Question is how easily these traces can be used.

But those traces contain no data of what is in the VM. So even a zero byte swapfile is useless, because it has no data in it. I would think if you secure the guest os, turn of things like TPS and have no swap it would be considered secure. The only thing on top of that you could add would be maybe encryption of the VMDKs, but that would add a significant amount of overhead to the virtualization layer.

But those traces contain no data of what is in the VM.

only VMware knows, I guess

So even a zero byte swapfile is useless, because
it has no data in it.agree

Yes, it will leave traces see my post http://www.vmware.com/community/thread.jspa?threadID=70884&tstart=0

then any dissent forensic will get you.

Encryption of the VMDKs, suspend file, and configuration files has been available in VMware ACE, since Dec 2004. You might want to look into that if you're on the desktop, not the server.

I know what you want to do but who exactly do you want to protect your data from? If it's law enforcement having a VM inside of an encrypted drive might be sufficient. If you're trying to protect things from the government then all bets are off.

If you want to hide porn from your parents it's easy. (Unless one of your parents happens to work for the FBI forensics team or NSA data recovery.)

If you want to hide things from the law, it gets harder as they have access to the FBI's forensic services. The best you can do is get everything encrypted and then run ENCASE on your own drives to see if you can find anything.

If you want to hide things from criminals then consider worst case they have a black hat with the skills of the FBI's forensic lab.

If you want to hide things from the NSA what the h@#$ are you doing in the first place that would draw their attention and you should seal your computers into an EM shielded room (TEMPEST) with no outside connections (Sniffing and intrusion) and have a block of thermite setting on top of your drives with a panic button on you at all times (NSA Data recovery that can get data off your drive no matter how many times you overwrite it though it will drop the classification level of the drive by one step. Per their own directive for destruction of classified material get an NSA approved degausser, yank your drive and toss it in. Note that those degaussers that don't require you to take the platters out cost in the range of $30k+) Even with all of that I can't guarantee they won't get your data.

If you want ideas look at the Common Criteria approved products list for data encryption that's approved per NSTISSP No. 11 for use on classified data. I'd advise looking for EAL 4+ products.

This document was generated from the following thread: vmware + truecrypt for fully encrypted windows OS?

Putty & Certificate Authentication.

Wed, 24 Sep 2008 13:39:10 GMT

Can any one help?

Scenario

I have 2 ESX 3.0.2.Upd1 host machines that are managed from a laptop. Using PuttyGen I have created my id_rsa.txt, id_rsa.pub and id_rsa.ppk keys. I have then FTP'd my id_rsa.txt to /$home/.ssh directory and changed the permissions to -rw-------- and ownership to owner:owner, and renamed teh file authorized_keys. I have then started up Putty in the normal way and configured it to use the id_rsa.ppk previously created.

Problem

I get either "Server Refused Key" or "No Authentication Methods Available".

Other Info

I have accepted the Key request that appears on opening a Putty connection for the first time. But this is not using the keys that I have created and thus doesn't fulfil the security criteria that have been set. The end result must be certificated authentication with all other means disabled. Currently I have bypassed this by ammending the sshd_config file.

Is there a file or cache that holds the keys that can be flushed or deleted or ammended to clear out any spurious or out of date keys?

Hello,

Please give the exact puttygen steps you took.

Also the exact changes you made to sshd_config.

Otherwise we are shooting in the dark here.

Best regards,
Edward L. Haletky
VMware Communities User Moderator
====
Author of the book 'VMWare ESX Server in the Enterprise: Planning and Securing Virtualization Servers', Copyright 2008 Pearson Education. CIO Virtualization Blog: http://www.cio.com/blog/index/topic/168354, As well as the Virtualization Wiki at http://www.astroarch.com/wiki/index.php/Virtualization

To create my keys I did teh following:

1 Open PuttyGen and select Generate, move the cursor around the space to generate the key.

2. Enter a "Key comment" for Reference purposes.

3. Enter a "Key Passphrase" then "Confirm Passphrase".

4. Click on "Save Public Key" and save it as a id_rsa.pub on the desktop.

5. Click on "Save Private Key" and save it as a id_rsa.ppk on the desktop.

6. Highlight, and copy the contents of the key window "ssh-rsa....to end, and paste into Notepad. Save as id_rsa.txt.

The id_rsa.txt is then ftp'd over to the ESX Host into the /$home/.ssh and renamed authorized_keys

As I said previously change ownership and permissions, and as far as I am aware, that should be it.

To use, open Putty, enter IP Address, select SSH/Auth from the Catagory tree, browse to my id_rsa.ppk file and click Open.

That is as far as I get.

The problem is that this has been working in our test environment, and I am doing nothing different. The systems are identical except for one factor and that is that the test environment was set up and is being managed from the same laptop. However the Dev environment was set up with one laptop, and managed with another having moved teh .ppk file across. I thought there may be some tie in between hardware and key so I generated a new set of keys with the new laptop, but it still fails. That is why I enquired if there was some sort of cache of keyfile that gets written to, that could be cleared.

The only change I made to the sshd_config was to enable Password Authentication so that if and when the certificate failed I could still log on. This eventually will need to be disabled once I have sorted out this problem.

Hello,

THere is no keyfile cache. Are you trying to get in as root or another user? Root will not work by default.

Look in ~/.ssh/authorized_keys and see if you have two lines with the same comment. Sometimes that is the issue.

Did you add it to the proper users authorized_keys file?

Simple things, I know but there is no cache mechanism for sshd. You could always do 'service sshd restart' and that will clear anything out that was there.

Hi Edward,

I am using a user that has admin privilages, and once logged on su to root. I have looked at the authorized keys file, and there is only one key in it, the one that I created using Putty?

I cannot see any reason why this configuration doesn't work. I have done all the things that you suggest, during my fault diagnosis but cannot coome up with a cause.

My interntion is to build a stand alone host and try to either re-create the fault or see if re-building the host and starting with a clean sheet will cure the problem.

I will keep you posted as to my success/failure...

Hi again Edward,

Thanks for your help thus far, just to give a quick update. I haven't been able to reproduce the problem, but I have been able to get everything to work as expected. This leads me to believe my original thought about a user profile issue was the culprit although not proven. I think that the solution to my problem will be to remove the offending profile and recreate it. Then generate a fresh pair of keys, and take it from there.

Many thanks for your advice and assistance, this isn't the first timie you've got me out of a hole.

Kind regards

Steve Pickering

Hello Steve,

Just another thought, all items pertaining to SSH logins are logged to /var/log/secure and /var/log/messages. Do either of these files have errors pertaining to your login? It could be a permission problem with some aspect of the ssh subsystem. But recreating the profile and keys is a good way to go.

Reporting on privilege assignment

Wed, 21 May 2008 18:29:45 GMT

An Access SQL query I use to help report and diagnose access privilege issues. Assumes an ODBC connection to your SQL VCDB called VCDB.

The inner joins are to compensate for the fact that read-only is a reserved role with no VPX_ROLE record and no VPX_PRIV_ROLE entries.

SELECT dbo_VPX_ACCESS.PRINCIPAL, dbo_VPX_OBJECT_TYPE.NAME, dbo_VPX_ENTITY.NAME, dbo_VPX_ROLE.NAME, dbo_VPX_PRIV_ROLE.PRIV_NAME, d bo_VPX_ACCESS.FLAG
FROM ((dbo_VPX_ACCESS INNER JOIN dbo_VPX_ENTITY ON dbo_VPX_ACCESS.ENTITY_ID = dbo_VPX_ENTITY.ID) LEFT JOIN (dbo_VPX_PRIV_ROLE LEFT JOIN dbo_VPX_ROLE ON dbo_VPX_PRIV_ROLE.ROLE_ID = dbo_VPX_ROLE.ID) ON dbo_VPX_ACCESS.ROLE_ID = dbo_VPX_PRIV_ROLE.ROLE_ID) INNER JOIN dbo_VPX_OBJECT_TYPE ON dbo_VPX_ENTITY.TYPE_ID = dbo_VPX_OBJECT_TYPE.ID
WHERE (((dbo_VPX_ACCESS.PRINCIPAL)="INTERNAL\test.vm.admins"))
ORDER BY dbo_VPX_ACCESS.PRINCIPAL, dbo_VPX_OBJECT_TYPE.NAME, dbo_VPX_ENTITY.NAME, dbo_VPX_ROLE.NAME, dbo_VPX_PRIV_ROLE.PRIV_NAME;