[Dshield] VMware

David Taylor ltr at isc.upenn.edu
Wed Oct 12 19:33:08 GMT 2005


I use VMWare 5 as well and love it.  As others have stated I haven't seen
any direct guest to host problems.  

I have several VMWare guests which run on a Windows XP host and have never
had any problems with it.  I have a Linux Bridge firewall set up as one guest
and force all my traffic through snort inline/IPTABLES as well as some local
IPSEC policies to prevent it from scanning other systems. I normally use
this setup to let people attack the Windows guest but frequently also use it
to drop evil files into.  You can capture packets directly from the host
system if you like and can also set up Sebek to watch any command line
activity if someone connects to the machine and opens a shell.


==================================================
David Taylor //Sr. Information Security Specialist
University of Pennsylvania Information Security 
Philadelphia PA USA
(215) 898-1236
http://www.upenn.edu/computing/security/
================================================== 

SANS - The Twenty Most Critical Internet Security Vulnerabilities 
http://www.sans.org/top20/

SANS - Internet Storm Center
http://isc.sans.org

irc.freenode.net #dshielders
http://freenode.net/



-----Original Message-----
From: list-bounces at lists.dshield.org [mailto:list-bounces at lists.dshield.org]
On Behalf Of Semper Securus
Sent: Wednesday, October 12, 2005 3:19 PM
To: General DShield Discussion List
Subject: Re: [Dshield] VMware


I also use VMWare 5 WS quite a bit and have had no issues with any
guest to host contamination. A couple of items for consideration:

* Make sure your host OS is fully patched and hardened.

* Don't enable file (or print) sharing between your guest and host.
Don't use the VMWare "shared folder" for your sacrificial guest.

* Depending on how (or if) you have your VM machine connected to other
VM machines, you may wish to play around with "Custom mode" networking
for the guest to allow complete isolation of networking from the host.

* Use the "snapshot" feature prior to testing anything new.

Andre'

SemperSecurus



On 10/12/05, Paul Marsh <pmarsh at nmefdn.org> wrote:
>
>
> Afternoon All:
>
>        I want to start playing around with the latest and greatest viri
> and exploits to see what they do and how they function.  My question is
> how secure is the system the vmware is running on?  Are there best
> practices I need to follow in order to lock the vm down so I don't
> compromise the host system?
>
> Thanx, Paul
>
>
>
> _________________________________________
> Using .Net? Need to know more about .Net Security?
> http://isc.sans.org/banner_count.php?dest=dotnet
>
> _______________________________________________
> send all posts to list at lists.dshield.org
> To change your subscription options (or unsubscribe), see:
> http://www.dshield.org/mailman/listinfo/list
>
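
A static check for two points of the advice quoted above (no shared folders for the sacrificial guest, custom-mode networking), added here as an example and not code from anyone in the thread. It assumes the guest's settings are in a `.vmx` text file using the `sharedFolderN.*` and `ethernetN.*` keys found in current VMware Workstation files; the sample config and all its values are constructed.

```python
import re

# Constructed sample .vmx content for a sacrificial guest (not from the thread).
SAMPLE_VMX = '''\
displayName = "sacrificial-xp"
ethernet0.present = "TRUE"
ethernet0.connectionType = "bridged"
ethernet1.present = "TRUE"
ethernet1.connectionType = "custom"
ethernet1.vnet = "VMnet2"
sharedFolder0.present = "TRUE"
sharedFolder0.enabled = "TRUE"
sharedFolder0.hostPath = "D:/malware-drop"
'''

LINE = re.compile(r'^\s*([\w.:]+)\s*=\s*"(.*)"\s*$')

def parse_vmx(text):
    """Return {lowercased key: value} for every key = "value" line."""
    cfg = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            cfg[m.group(1).lower()] = m.group(2)
    return cfg

def audit(text):
    """List settings that go against the isolation advice in the thread."""
    cfg = parse_vmx(text)
    findings = []
    def devices(prefix):
        return sorted({k.split(".")[0] for k in cfg if re.match(prefix + r"\d+\.", k)})
    for dev in devices("sharedfolder"):
        # Assumption: a present folder with no "enabled" key counts as enabled.
        if cfg.get(dev + ".present", "").upper() == "TRUE" and cfg.get(dev + ".enabled", "TRUE").upper() != "FALSE":
            findings.append(f"{dev}: shared folder enabled ({cfg.get(dev + '.hostpath', '?')})")
    for dev in devices("ethernet"):
        if cfg.get(dev + ".present", "").upper() != "TRUE":
            continue
        # Assumption: a missing connectionType means bridged.
        mode = cfg.get(dev + ".connectiontype", "bridged").lower()
        if mode != "custom":
            findings.append(f"{dev}: {mode} networking, not a custom network")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_VMX):
        print(finding)
```

An adapter in custom mode passes this check, but whether that virtual network is actually cut off from the host depends on how it is configured on the host, which the `.vmx` file does not show.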
