question about security when using a virtual machine

aerotive

n00b
Joined
Feb 1, 2005
Messages
49
I telecommute from home, and use Vista as a host for an XP guest virtual machine. The virtualization software is VMware Workstation. The computer is mine, but VMware, a VPN client, and everything else that runs inside the VM is provided by my employer.

I would like to know if there's any way for my employer to detect what is happening on the host machine while the VM is active... things like detecting or inspecting packets, seeing what's on the screen, keyboard logging, etc. And if it's possible, how would I prevent it?

Thanks.
 

MorfiusX

2[H]4U
Joined
Feb 13, 2004
Messages
3,007
Generally the answer is no, at least not from within the VM. If they have you install something else on the host, that might be a different story.
 

XOR != OR

[H]F Junkie
Joined
Jun 17, 2003
Messages
11,549
Likely not, BUT...

It depends on how the network is set up. I've seen a few where the host traffic passes through the guest. Which is a funky way of doing it, but there you go. Were that the case, then the guest could sniff the host's traffic and get some diagnostic on it.

I would ask the IT guys at work to be safe. If it's your computer, then the albino midget horse pr0n you are worried about shouldn't be the company's concern.
 
Joined
Oct 28, 2004
Messages
722
Just wondering - how does VMware handle the networking? I know under Linux (Xen) if you do network bridging you can inspect other virtual systems' packets.
 

sully127

Limp Gawd
Joined
Oct 17, 2005
Messages
188
You really just hit the nail on the head; the answer is yes, but no.

As far as the VM itself, it is nothing more than a vmdk and vmx file on your computer and has no bearing on what the host machine is doing. With that said, your networking setup is what can open the breach that you're talking about. With Workstation, you have the option of using Bridged, NAT, or Host-Only.

Bridged - connect directly to the specified NIC
NAT - share the host's network connection
Host-Only - only allow networking between the host and guest OS

You need to treat the networking connection between the guest and host OS the same way you would handle any physical network consideration to another networked PC with all of the security therein.
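
As an added example (not part of any poster's reply): a Python sketch that reads a VM's .vmx file and reports which of the modes listed above each virtual NIC uses. The sample .vmx text is constructed, and treating a NIC with no connectionType line as bridged is an assumption about Workstation's default.

```python
import re
# Constructed sample .vmx text (not taken from the thread).
SAMPLE_VMX = '''\
displayName = "Work XP"
# ethernet0 has no connectionType line
ethernet0.present = "TRUE"
ethernet1.present = "TRUE"
ethernet1.connectionType = "nat"
ethernet2.present = "TRUE"
ethernet2.connectionType = "custom"
ethernet2.vnet = "VMnet2"
ethernet3.present = "FALSE"
'''

LINE = re.compile(r'^\s*([^#\s=][^=]*?)\s*=\s*"(.*)"\s*$')  # key = "value"
NIC_KEY = re.compile(r'^ethernet(\d+)\.(\w+)$')
MEANING = {  # what each mode means, in the wording of the post above
    "bridged": "connects directly to the specified NIC",
    "nat": "shares the host's network connection",
    "hostonly": "networking only between host and guest",
    "custom": "attached to a named virtual network; check which one",
}

def parse_vmx(text):
    """Return {lowercased key: value}; comments and blank lines are skipped."""
    matches = (LINE.match(line) for line in text.splitlines())
    return {m.group(1).lower(): m.group(2) for m in matches if m}

def nic_modes(text):
    """Return {NIC index: mode} for every virtual NIC marked present."""
    nics = {}
    for key, value in parse_vmx(text).items():
        m = NIC_KEY.match(key)
        if m:
            nics.setdefault(int(m.group(1)), {})[m.group(2)] = value
    modes = {}
    for idx, opts in sorted(nics.items()):
        if opts.get("present", "").lower() != "true":
            continue  # NIC defined but not attached to the VM
        # Assumption: no connectionType line means bridged.
        mode = opts.get("connectiontype", "bridged").lower()
        if mode == "custom":
            mode += " (%s)" % opts.get("vnet", "unnamed")
        modes[idx] = mode
    return modes

if __name__ == "__main__":
    for idx, mode in nic_modes(SAMPLE_VMX).items():
        print("ethernet%d: %s - %s" % (idx, mode, MEANING.get(mode.split()[0], "unknown mode")))
```
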
 

Rabidfox

Limp Gawd
Joined
Oct 6, 2005
Messages
282
Don't be so quick, guys... There are published exploits for guests that affect the host computer. That means that something that happens on the VM machine can affect the host machine; VMware is not a security measure, it's a tool.
 

MorfiusX

2[H]4U
Joined
Feb 13, 2004
Messages
3,007
Rabidfox said: "Don't be so quick, guys... There are published exploits for guests that affect the host computer. That means that something that happens on the VM machine can affect the host machine; VMware is not a security measure, it's a tool."

I'm gonna need some links.
 

da sponge

[H]ard|Gawd
Joined
Aug 23, 2001
Messages
1,133
Rabidfox said: "Don't be so quick, guys... There are published exploits for guests that affect the host computer. That means that something that happens on the VM machine can affect the host machine; VMware is not a security measure, it's a tool."

...and it's highly unlikely that anything his employer's VM does would be targeted to exploit some vulnerability to compromise the employee's personal system.
 

PTNL

Supreme [H]ardness
Joined
Jan 2, 2005
Messages
4,199
I do agree with Morfius and spongey's comments about the likelihood of a company trying to exploit a paid software product (VMware Workstation) to do such a thing.

The changelogs of VMware's products hint at exactly what Rabidfox mentioned. IIRC, the majority required a user to have complete control of a Linux guest OS (not the OP's OS). I'm not saying it's not possible, I'm saying that it's not probable that a VMware exploit would be used for monitoring -- GP, packet sniffing on the company's side, and other corporate-wide applications running in the VM are so much easier to maintain across a high volume of users.
 

kozz

n00b
Joined
Jul 14, 2008
Messages
14
I'm sure the net/sys admins who maintain and administer your VM systems have other crap to worry about, rather than what's going on with your host machine. If they cared, they would set you up on a split tunneling disabled VPN connection, and all traffic related to your VM and host would be routed through the company network. We do this at our company because we deal with extremely sensitive data that we can't allow out (although there are pretty easy ways to get around disabled split tunneling, unfortunately).

My guess is that your admins either don't have the time, or don't have the motivation (after all, most admins are lazy :) ), to monitor home client machines. Coming from an admin's POV, I wouldn't worry about anything. And if you're worried, disconnect from your VPN before you do your dirty deeds on the web.
 

kozz

n00b
Joined
Jul 14, 2008
Messages
14
Oh and, if you're worried about your work monitoring what you do on your host PC, the VM won't be the culprit to look for. The VM is completely sovereign. The thing to worry about is the way your VPN connection works.
 