File: security-general.dita

package info (click to toggle)
virtualbox 7.1.12-dfsg-2
  • links: PTS, VCS
  • area: contrib
  • in suites: sid
  • size: 565,672 kB
  • sloc: ansic: 2,330,854; cpp: 2,193,228; asm: 230,777; python: 223,895; xml: 86,771; sh: 25,541; makefile: 8,158; perl: 5,697; java: 5,337; cs: 4,872; pascal: 1,782; javascript: 1,692; objc: 1,131; lex: 931; php: 906; sed: 899; yacc: 707
file content (61 lines) | stat: -rw-r--r-- 2,886 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
 
<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE topic PUBLIC "-//OASIS//DTD DITA Topic//EN" "topic.dtd">
<topic xml:lang="en-us" id="security-general">
  <title>General Security Principles</title>
  
  <body>
    <p>
      The following principles are fundamental to using any application
      securely.
    </p>
    <ul>
      <li>
        <p><b outputclass="bold">Keep software up-to-date</b>. One of the principles of good
          security practise is to keep all software versions and patches up-to-date. Activate the
            <ph conkeyref="vbox-conkeyref-phrases/product-name"/> update notification to get
          notified when a new <ph conkeyref="vbox-conkeyref-phrases/product-name"/> release is
          available. When updating <ph conkeyref="vbox-conkeyref-phrases/product-name"/>, do not
          forget to update the Guest Additions. Keep the host operating system as well as the guest
          operating system up-to-date. </p>
      </li>
      <li>
        <p><b outputclass="bold">Restrict network access to critical
          services.</b> Use proper means, for instance a
          firewall, to protect your computer and your guests from
          accesses from the outside. Choosing the proper networking mode
          for VMs helps to separate host networking from the guest and
          vice versa.
        </p>
      </li>
      <li>
        <p><b outputclass="bold">Follow the principle of least
          privilege.</b> The principle of least privilege states
          that users should be given the least amount of privilege
          necessary to perform their jobs. Always execute <ph conkeyref="vbox-conkeyref-phrases/product-name"/>
          as a regular user. We strongly discourage anyone from
          executing <ph conkeyref="vbox-conkeyref-phrases/product-name"/> with system privileges.
        </p>
        <p>
          Choose restrictive permissions when creating configuration
          files, for instance when creating /etc/default/virtualbox, see
          <xref href="linux_install_opts.dita">Automatic Installation Options</xref>. Mode 0600 is preferred.
        </p>
      </li>
      <li>
        <p><b outputclass="bold">Monitor system activity.</b>
          System security builds on three pillars: good security
          protocols, proper system configuration and system monitoring.
          Auditing and reviewing audit records address the third
          requirement. Each component within a system has some degree of
          monitoring capability. Follow audit advice in this document
          and regularly monitor audit records.
        </p>
      </li>
      <li>
        <p><b outputclass="bold">Keep up-to-date on latest security information.</b> Oracle
          continually improves its software and documentation. Check this note yearly for revisions. </p>
      </li>
    </ul>
  </body>
  
</topic>