1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
|
<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE topic PUBLIC "-//OASIS//DTD DITA Topic//EN" "topic.dtd">
<topic xml:lang="en-us" id="pot-insecure">
<title>Potentially Insecure Operations</title>
<body>
<p>
The following features of <ph conkeyref="vbox-conkeyref-phrases/product-name"/> can present security
problems:
</p>
<ul>
<li>
<p>
When teleporting a machine, the data stream through which
the machine's memory contents are transferred from one host
to another is not encrypted. A third party with access to
the network through which the data is transferred could
therefore intercept that data. An SSH tunnel could be used
to secure the connection between the two hosts. But when
considering teleporting a VM over an untrusted network the
first question to answer is how both VMs can securely access
the same virtual disk image with a reasonable performance.
</p>
<p>
If the network is not sufficiently trusted, the password
should be changed for each teleportation as a third party
could detect the unecrypted password hash when it is
transferred between the target and source host machines.
</p>
</li>
<li>
<p>
When <xref href="guestadd-pagefusion.dita">Page Fusion</xref>,
is enabled, it is possible that a side-channel opens up that
enables a malicious guest to determine the address space of
another VM running on the same host layout. For example,
where DLLs are typically loaded. This information leak in
itself is harmless, however the malicious guest may use it
to optimize attack against that VM through unrelated attack
vectors. It is recommended to only enable Page Fusion if you
do not think this is a concern in your setup.
</p>
</li>
<li>
<p>
When using the <ph conkeyref="vbox-conkeyref-phrases/product-name"/> web service to control an
<ph conkeyref="vbox-conkeyref-phrases/product-name"/> host remotely, connections to the web
service, over which the API calls are transferred using SOAP
XML, are not encrypted. They use plain HTTP by default. This
is a potential security risk. For details about the web
service, see <xref href="VirtualBoxAPI.dita#VirtualBoxAPI"/>.
</p>
<p>
The web services are not started by default. See
<xref href="vboxwebsrv-daemon.dita#vboxwebsrv-daemon"/> to find out how to start
this service and how to enable SSL/TLS support. It has to be
started as a regular user and only the VMs of that user can
be controlled. By default, the service binds to localhost
preventing any remote connection.
</p>
</li>
<li>
<p>
Traffic sent over a UDP Tunnel network attachment is not
encrypted. You can either encrypt it on the host network
level, with IPsec, or use encrypted protocols in the guest
network, such as SSH. The security properties are similar to
bridged Ethernet.
</p>
</li>
<li>
<p>
Because of shortcomings in older Windows versions, using
<ph conkeyref="vbox-conkeyref-phrases/product-name"/> on Windows versions older than Vista with
Service Pack 1 is not recommended.
</p>
</li>
</ul>
</body>
</topic>
|
