VMware Communities
rainey
Enthusiast
Enthusiast
‎10-14-2009 05:04 PM

VMware 6.5 security and isolation

VMware 6.5 security and isolation

I have been worried about security on my main PC lately with all the scams and bad files, web page going around the internet.

So i though i would stop doing any banking and other things on my main PC and setup a VM just for those tasks to limit the exposure of that PC(VM)to all the risks out there these days by just surfing the web or the other common things that one does with there main PC.

So my questions are as follows.

1. Is this a good idea in principle or am i full of it.

2. This VM needs Internet access so i have the network card setup in bridged mode, is there a better mode to further isolate this VM from any bad software that might be running on the Host PC.

3. To keep the data files secure i have setup a mountable drive inside the VM disk that is password protected using software like true crypt because the VM disk could be mounted with easy and the files exposed. Is this the best way to protect my data or are there other ways.

Any other thoughs or links on how to best accomplish this type of secuirty or isolation in a VM is welcomed.

Rainey

Reply
0 Kudos
4 Replies
louyo
Virtuoso
Virtuoso
‎10-15-2009 05:37 AM

You might want to have a look here:

http://blogs.zdnet.com/hardware/?p=5813&tag=nl.e550

Lou

you are not paranoid, they really are out to get you Smiley Happy

Reply
0 Kudos
rainey
Enthusiast
Enthusiast
‎10-15-2009 06:50 PM

Lou

Thanks for the reply, thats is some read, many good ideas in that thred.

I think the LiveCD idea has many good points and is the best , but least convenent. I had not been look to move away from windows but that may be the way to go also.

I am not worried much about Keyloggers but there are many small programs that once installed do so much more. I have seen some utube videos of just clicking on a link and the PC is owned, the attacher has full view of your screen and can see what you do, log you key, and take command of your PC.

There are many virus/spyware that targets your banking info, and now a days if you go to a new group it is 95% virus loaded files. Main stream web pages are being hacked and infected so just going to them in some cases you can get hit, and if you click in a popup no telling if it is safe anymore even at main stream sites.

Rainey

Reply
0 Kudos
jokke
Expert
Expert
‎10-16-2009 03:24 AM

Throwing in my own idea about this;

  • Uninstall vmware tools

  • Remove any virtual networking

  • Connect to internet through an usb2ethernet adapter directly from your VM.

  • Add something like this to your vmx file; ide0:0.mode = "independent-nonpersistent" or some other means of starting clean on every boot to prevent malware (if infected) surviving a reboot

This way you will drastically reduce the risk of malware spreading from host to guest.

Reply
0 Kudos
continuum
Immortal
Immortal
‎10-16-2009 04:13 AM

to add on to jokkes suggestion ...

you should then also set

monitor_control.restrict_backdoor = "true"

As far as I know such a VM setup like that should be quite isolated

___________________________________

VMX-parameters- VMware-liveCD - VM-Sickbay


________________________________________________
Do you need support with a VMFS recovery problem ? - send a message via skype "sanbarrow"
I do not support Workstation 16 at this time ...

Reply
0 Kudos