question about security when using a virtual machine

Discussion in 'Networking & Security' started by aerotive, Jul 13, 2008.

  1. aerotive

    I telecommute from home, and use Vista as a host for an XP guest virtual machine. The virtualization software is VMware Workstation. The computer is mine, but VMware, a VPN client, and everything else that runs inside the VM is provided by my employer.

    I would like to know if there's any way for my employer to detect what is happening on the host machine while the VM is active... things like detecting or inspecting packets, seeing what's on the screen, keyboard logging, etc. And if it's possible, how would I prevent it?

    Thanks.
     
  2. MorfiusX

    Generally the answer is no, at least not from within the VM. If they have you install something else on the host, that might be a different story.
     
  3. Captain Colonoscopy

    Yeah, you should be fine. The VM is in a sandbox, so to speak.
     
  4. XOR != OR

    Likely not, BUT...

    It depends on how the network is set up. I've seen a few where the host traffic passes through the guest, which is a funky way of doing it, but there you go. Were that the case, then the guest could sniff the host's traffic and get some diagnostic on it.

    I would ask the IT guys at work to be safe. If it's your computer, then the albino midget horse pr0n you are worried about shouldn't be the company's concern.
     
  5. hokatichenci

    Just wondering - how does VMware handle the networking? I know under Linux (Xen) if you do network bridging you can inspect other virtual systems' packets.
     
  6. sully127

    You really just hit the nail on the head; the answer is yes, but no.

    As far as the VM itself, it is nothing more than a vmdk and vmx file on your computer and has no bearing on what the host machine is doing. With that said, your networking setup is what can open the breach that you're talking about. With Workstation, you have the option of using Bridged, NAT, or Host-Only.

    Bridged - connect directly to the specified NIC
    NAT - share the host's network connection
    Host-Only - only allow networking between the host and guest OS

    You need to treat the networking connection between the guest and host OS the same way you would handle any physical network consideration to another networked PC with all of the security therein.
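
One way to check which of the three modes above a given VM actually uses, as an added example that is not part of the original post: each virtual adapter's mode is recorded in the VM's .vmx file under `ethernetN.connectionType`, and the script below lists the mode of every enabled adapter. The sample file is constructed, and treating a missing `connectionType` as bridged is an assumption about VMware's default.

```python
import re

# Constructed sample .vmx content (not taken from the thread).
SAMPLE_VMX = '''\
# constructed example
ethernet0.present = "TRUE"
ethernet0.connectionType = "nat"
ethernet1.present = "TRUE"
ethernet2.present = "FALSE"
ethernet2.connectionType = "hostonly"
ethernet3.present = "TRUE"
ethernet3.connectionType = "custom"
ethernet3.vnet = "VMnet2"
'''

LINE = re.compile(r'^\s*([^#=\s][^=]*?)\s*=\s*"(.*)"\s*$')

EXPOSURE = {
    "bridged": "guest is a peer on the host NIC's network",
    "nat": "guest shares the host's network connection",
    "hostonly": "guest can talk only to the host",
    "custom": "guest is on a named virtual network; check its mapping",
}

def parse_vmx(text):
    """Return {lowercased key: value} for key = "value" lines."""
    settings = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            settings[m.group(1).lower()] = m.group(2)
    return settings

def adapter_modes(text):
    """Map each enabled ethernetN adapter to (mode, vnet or None)."""
    s = parse_vmx(text)
    result = {}
    for key, value in s.items():
        m = re.fullmatch(r"(ethernet\d+)\.present", key)
        if m and value.upper() == "TRUE":
            nic = m.group(1)
            # Assumption: no connectionType means the bridged default.
            mode = s.get(nic + ".connectiontype", "bridged").lower()
            result[nic] = (mode, s.get(nic + ".vnet"))
    return result

def report(text):
    return [f"{nic}: {mode} - {EXPOSURE.get(mode, 'unknown mode')}"
            for nic, (mode, _) in sorted(adapter_modes(text).items())]
```

To audit a real VM, pass the contents of its .vmx file to `report()` instead of `SAMPLE_VMX`.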
     
  7. aerotive

    Thanks for the answers everyone, very informative.
     
  8. Rabidfox

    Don't be so quick, guys... There are published exploits for guests that affect the host computer. That means that something that happens on the VM machine can affect the host machine. VMware is not a security measure, it's a tool.
     
  9. MorfiusX

    I'm gonna need some links.
     
  10. da sponge

    ...and it's highly unlikely that anything his employer's VM does would be targeted to exploit some vulnerability to compromise the employee's personal system.
     
  11. PTNL

    I do agree with Morfius and spongey's comments about the likelihood of a company trying to exploit a paid software product (VMware Workstation) to do such a thing.

    The changelogs of VMware's products hint at exactly what Rabidfox mentioned. IIRC, the majority required a user to have complete control of a Linux guest OS (not the OP's OS). I'm not saying it's not possible, I'm saying that it's not probable that a VMware exploit would be used for monitoring -- GP, packet sniffing on the company's side, and other corporate-wide applications running in the VM are so much easier to maintain across a high volume of users.
     
  12. kozz

    I'm sure the net/sys admins who maintain and administer your VM systems have other crap to worry about, rather than what's going on with your host machine. If they cared, they would set you up on a split tunneling disabled VPN connection, and all traffic related to your VM and host would be routed through the company network. We do this at our company because we deal with extremely sensitive data that we can't allow out (although there are pretty easy ways to get around disabled split tunneling, unfortunately).

    My guess is that your admins either don't have the time, or don't have the motivation (after all, most admins are lazy :) ), to monitor home client machines. Coming from an admin's POV, I wouldn't worry about anything. And if you're worried, disconnect from your VPN before you do your dirty deeds on the web.
     
  13. kozz

    Oh and, if you're worried about your work monitoring what you do on your host PC, the VM won't be the culprit to look for. The VM is completely sovereign. The thing to worry about is the way your VPN connection works.