Linux - Security: This forum is for all security related questions. Questions, tips, system compromises, firewalls, etc. are all included here.
It seems web browsing is becoming one of the most prevalent vectors of attack, so I was contemplating the idea of running Fedora on VirtualBox for all my web browsing needs. The plan would be to have a snapshot of Fedora and Firefox with all my settings in place. When I'm done browsing I'd simply destroy the VM and reload from the known safe snapshot for future browsing. This would ensure that any disease Fedora or Firefox picked up during any session could not perpetuate itself beyond a single VM session.
Obviously VirtualBox is not a perfect solution because it's feasible that an attack could go through my VM to the OS running VirtualBox. However, I think for the time being this "security by obscurity" would work.
Any comments/suggestions?
This wouldn't be considered security through obscurity. In fact, it would be the exact opposite of that. Isolation is a tried and true security methodology. If you want some inspiration for your endeavour, I encourage you to read the recent interview with Joanna Rutkowska, who is a highly-respected security researcher. Here's a snippet from the interview:
Quote:
I use different virtual machines to host various types of browsers that I use for different kind of activities. So, I use a "Red" VM to do daily browsing, something totally non-sensitive like news reading, Googling, etc. I use a "Yellow" machine to do some semi-sensitive tasks, like online shopping, updating my blog on Blogger, etc. Finally, I have a "Green" machine to access my bank's account.
EDIT: Of course, you should not get sloppy with your security within the virtual environment. Notice how even though Joanna Rutkowska is running browsers in virtual machines, she still takes traditional security precautions inside each of them.
Quote:
Originally Posted by win32sux
This wouldn't be considered security through obscurity. In fact, it would be the exact opposite of that.
It's security through obscurity because virtualization technology is still an emerging technology and most likely the means by which to attack them are not very well known.
Quote:
Originally Posted by win32sux
Isolation is a tried and true security methodology. If you want some inspiration for your endeavour, I encourage you to read the recent interview with Joanna Rutkowska, who is a highly-respected security researcher. Here's a snippet from the interview:
EDIT: Of course, you should not get sloppy with your security within the virtual environment. Notice how even though Joanna Rutkowska is running browsers in virtual machines, she still takes traditional security precautions inside each of them.
There are a few potential attack methods I've pondered. For example, unless the virtualizing software takes measures to protect other memory areas, a pointer can be used to attack ANYWHERE in memory, including your host machine. Protection can be achieved by restricting memory access via hardware such as the IOMMU, but last time I checked no virtualization developers were touting "security".
You could also access device memory or DMA abilities. I don't believe the IOMMU would even be able to stop that.
I believe there is work being done to develop secure virtualization technology at greenhills, but I don't think that the other technologies are secure; it's merely obscure, which is fine for me for now.
Quote:
It's security through obscurity because virtualization technology is still an emerging technology and most likely the means by which to attack them are not very well known.
There are a few potential attack methods I've pondered. For example, unless the virtualizing software takes measures to protect other memory areas, a pointer can be used to attack ANYWHERE in memory, including your host machine. Protection can be achieved by restricting memory access via hardware such as the IOMMU, but last time I checked no virtualization developers were touting "security".
You could also access device memory or DMA abilities. I don't believe the IOMMU would even be able to stop that.
I believe there is work being done to develop secure virtualization technology at greenhills, but I don't think that the other technologies are secure; it's merely obscure, which is fine for me for now.
Please keep in mind that security is a never-ending process. It's not a product that you can go and buy from a software manufacturer. There's absolutely nothing wrong with deploying virtual machines as an integral part of your approach to risk management. As you can see in the interview I linked for you, even some of the brightest minds in the industry do it.
Yes, as the author of Blue Pill, she's very familiar with the territory. Her knowledge in this arena does lend more weight to the isolation technique she uses for her own Web browsers, doesn't it?
If you read it you will see the machine specs she's working with, and it's a HUGE machine; I mean, I've got servers running with less power than that thing. She needs every bit of it if she's going to run VM container on top of VM container. I'm wondering what type of VM she's using; I've never really used Xen or KVM, but I am currently using VMware and VirtualBox extensively. It appears that the Blue Pill is geared more towards modern virtualization software that utilizes hypervisors like Xen and VMware ESX. We are talking about moving our entire infrastructure at work into a virtual one, so this stuff is very interesting to me.
Quote:
It appears that the Blue Pill is geared more towards modern virtualization software that utilizes hypervisors like Xen and VMware ESX.
Yes, Blue Pill uses a bare-metal hypervisor (like the two examples you've provided). Your native OS becomes a guest on this virtual machine, while leaving you clueless about it (much like most people in The Matrix had no idea about their true circumstances). That said, we seem to be drifting off-topic here. Let's get back to the running of Web browsers in virtual machines. Virtualization-based malware is a separate topic which I encourage you to open a new thread for instead.
Quote:
If you read it you will see the machine specs she's working with, and it's a HUGE machine; I mean, I've got servers running with less power than that thing. She needs every bit of it if she's going to run VM container on top of VM container. I'm wondering what type of VM she's using; I've never really used Xen or KVM, but I am currently using VMware and VirtualBox extensively.
Quote:
To run all of my virtual machines, I use a type II hypervisor (VMWare Fusion), which is a fat application running on my host. From the theoretical point of view, there is no good reason to believe that it would be harder to find a bug in the type II hypervisor than it would be to find a bug in the OS kernel itself. Both are big and fat, and have many drivers inside them. But practically, it seems that it is more difficult. The attacker must first find a way to execute code in the guest's kernel. Remember that the attack starts from being able to execute code in the browser only, then he or she must find a way to attack the VMM (hypervisor). So, to break out of the VM and finally do something reasonable in the host's kernel, which might be a totally different OS than the guest's kernel (I use Windows in my guests and Mac OS X on the host).
Quote:
Originally Posted by win32sux
Please keep in mind that security is a never-ending process.
I'm well aware but thank you.
Quote:
Originally Posted by win32sux
It's not a product that you can go and buy from a software manufacturer. There's absolutely nothing wrong with deploying virtual machines as an integral part of your approach to risk management. As you can see in the interview I linked for you, even some of the brightest minds in the industry do it.
The overarching goal of my post was to ping others who are also familiar with security to get their opinion on whether or not this was a worthwhile approach: what are the risks, vulnerabilities, and perhaps some better alternatives?
So far Bluepill has been mentioned. I'll have to look into it.
Which strikes me as a rather strange thing to mention, considering that Blue Pill represents a threat to everything running on your VT-x/SVM-capable CPU. Blue Pill is virtualization-based malware, it's not malware which targets virtualization.
Quote:
Which strikes me as a rather strange thing to mention, considering that Blue Pill represents a threat to everything running on your VT-x/SVM-capable CPU. Blue Pill is virtualization-based malware, it's not malware which targets virtualization.
From my quick-read of that article I was under the impression that the Bluepill was some type of virtualization technology, not malware.
"So let's talk about 'Ring -1' exploits and your 'blue pill.'"
"I wrote BluePill in 2006 to demonstrate how this hardware virtualization technology can be abused by malware to create a stealthy hypervisor and move, on the fly, the running OS into a virtual machine, controlled by this stealthy hypervisor."
"Another unique feature of BluePill, which has made it truly one of its kind, is its support for nested virtualization--one can load BluePill, and then, inside the virtual machine created by BluePill, start a normal hypervisor like Xen or Virtual PC (that itself makes use of VT-x/AMD-v). You can even load several instances of BluePills inside each other. I'm actually quite proud of this nested virtualization support!"
Quote:
From my quick-read of that article I was under the impression that the Bluepill was some type of virtualization technology, not malware.
It's both. It is proof of concept code that can insert itself into 'ring -1' and virtualize the previous host (or only) OS without the OS or the user being any the wiser. Once this happens, all bets are off, as the virtualized OS is no longer in control of the machine. The ultimate rootkit, if you will.
Back to the subject of the post: our good friend Linus72 here on LQ has developed a simple QEMU script with a disk image that's running Puppy Linux browser edition. I've used it myself personally and I've found it very useful for tracking down malware and for accessing sites that I know have malware and other attacks embedded. If I'm not mistaken it's running SeaMonkey, which will do just about anything Firefox will do, plugin-wise.
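As an added example (it is not Linus72's script, nor anything from the interview or the posts above), here is a small POSIX shell wrapper that implements the original poster's "boot from a known-good image, throw everything away afterwards" plan with QEMU's `-snapshot` mode, and adds the two checks a defender would want given the DMA discussion earlier in the thread: it refuses to boot a base image whose SHA-256 no longer matches the one recorded while the image was trusted, and it reports whether the host kernel has an IOMMU active (a populated `/sys/kernel/iommu_groups`). Assumptions: `qemu-system-x86_64` with KVM on the host, a raw-format disk image at a path you supply, and the hash file kept beside the image.

```shell
#!/bin/sh
# Added example for this thread, not Linus72's script. Assumes: qemu-system-x86_64
# with KVM on the host, a raw disk image holding the browsing guest at a path you
# choose (IMAGE below), and that you record the image's SHA-256 once while it is
# still trusted.

# iommu_groups_present [DIR]
# Exit 0 if DIR (default /sys/kernel/iommu_groups) holds at least one group,
# i.e. the host kernel has an IOMMU enabled, which is what confines DMA from a
# pass-through device to the memory it is meant to see.
iommu_groups_present() {
    dir="${1:-/sys/kernel/iommu_groups}"
    [ -d "$dir" ] || return 1
    n=$(ls -A "$dir" | wc -l | tr -d ' ')
    [ "$n" -gt 0 ]
}

# record_image_hash IMAGE
# Store the SHA-256 of the known-good base image next to it (IMAGE.sha256).
record_image_hash() {
    sha256sum "$1" | awk '{print $1}' > "$1.sha256"
}

# verify_image IMAGE
# Exit 0 if IMAGE still matches its recorded hash; 1 if no hash was recorded
# or the image has changed since.
verify_image() {
    [ -f "$1.sha256" ] || return 1
    expected=$(cat "$1.sha256")
    actual=$(sha256sum "$1" | awk '{print $1}')
    [ "$expected" = "$actual" ]
}

# run_ephemeral_browser IMAGE [extra qemu options]
# Refuse to boot an image that no longer matches its hash, warn when the host
# has no IOMMU, then boot with -snapshot so every guest write lands in a
# temporary overlay that QEMU discards on exit; the base image is reopened
# unchanged for the next session. Re-verify afterwards as a cheap check that
# nothing on the host side touched the base file during the session.
run_ephemeral_browser() {
    img="$1"; shift
    if ! verify_image "$img"; then
        echo "refusing to start: $img does not match its recorded hash" >&2
        return 2
    fi
    if ! iommu_groups_present; then
        echo "warning: no IOMMU groups on this host; DMA-capable devices are not isolated" >&2
    fi
    "${QEMU_BIN:-qemu-system-x86_64}" -enable-kvm -m 2048 -snapshot \
        -drive "file=$img,format=raw,if=virtio" \
        -nic user "$@"
    verify_image "$img"
}

# Usage (once, while the image is trusted):  ./browse-vm.sh record puppy.img
# Each session:                               ./browse-vm.sh run puppy.img
case "${1:-}" in
    record) record_image_hash "$2" ;;
    run)    run_ephemeral_browser "$2" ;;
esac
```

The hash check only covers the base image file on the host; it says nothing about what the guest did during the session, which is exactly why the session is discarded rather than inspected. The IOMMU check is informational: VirtualBox and a plain QEMU user-mode setup do not pass physical devices through to the guest, so the warning matters most once you start assigning real hardware to the browsing VM.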