Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 138
  • Last Modified:

Are there any OTS solutions for creating locked down VM's

We have an project where we need to protect the rights of digital media that will form part of a workflow. Looking for some advice on how best to tackle this.

What we want to do is build Linux VM's with pre-configured software. We give the VDI / VHD to the developer which they then load with a Player using their own workstations as a host.

The VM's are locked down - internet access but only to a specified domain / server.
Disable all other means of getting data off the machine - only way for data to move is over the network to the specified domain / IP.
No access to override the above.

Just confirming that  the above is possible and relatively straight forward - what would be the best Linux distribution for this be?
Are there solutions out there already we can build on.

On the VM side - some of the software has activation keys that are bound to a MAC address. Is there a way for the software on the VM to see the MAC address of the host instead of the Virtual NIC - so that the software key still works?
0
Julian Hansen
Asked:
Julian Hansen
  • 6
  • 6
1 Solution
 
gheistCommented:
How a virtual machine is different from physical machine?

Exactly host MAC is one you cannot set on any other machine.

What you are trying will not work. Single site browser with money pipe gets removed from mobile app stores quickly.
0
 
Julian HansenAuthor Commented:
@gheist,

I am not following your response - what do you mean by "Single site browser with money pipe gets removed from mobile app stores quickly" ?
0
 
gheistCommented:
Customer can modify whatever you package to their liking. Like unzip OVA, change VMX and edit checksum in MF file.

Are you looking to implement access controls on your site?
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
Julian HansenAuthor Commented:
There is no site.

There is a repository that operates on a custom port. We have an application that communicates with that service.

The idea is to create a pre-configured environment but one that is locked down so that the only way of moving media is between the locked down VM and our server through the custom application.

I know you can get around anything - this is not meant as a guaranteed fail safe solution - just enough of deterrent that discourages most from trying to "hack" it.
0
 
gheistCommented:
Are you looking to implement access controls on your site?

YES/NO ?
0
 
Julian HansenAuthor Commented:
I am trying to understand your question.

There is no web site in this equation - if that is what you are referring to. There is an application that runs locally on the VM that communicates with a server to exchange information - mainly digital media. There is authentication that happens over that link - but the application does that - not the user.

Not sure if we are on the same page here - this discussion is not really going in the direction I was hoping.

I was looking for some pointers to either a solution that is already out there that allows for easy creation of locked down VM images - as well as some indication as to how difficult it would be to circumvent a VM image if it were locked down - i.e. how to make it as difficult as possible for someone to using the VM to get data off it other than through the specialised application that communicates with the central server.
0
 
gheistCommented:
VM image one can open as a disk image, there is nothing in the world that can prevent it.
What about VPN gateway to your application? Then you have indirect user identification even havind lax security on your stream server?
0
 
Julian HansenAuthor Commented:
The problem is not the link but the possession of sensitive materials.
In order for developer to work on the files they need copies of them but we need to put as much in place as possible to prevent them from redistributing them (on the Net or elsewhere).

What if the data is encrypted within the VM? Then even if you can attach it you won't be able to access the data?
0
 
gheistCommented:
You have to give them decryption key one or other way.
0
 
Julian HansenAuthor Commented:
Granted but what if the encryption is run by a process inside the VM. When the VM is attached as a disk then it is just data - when it is booted an app runs that provides the encrypt decrypt.

I think we are diving into complicated territory though the drive of my question was to find out if there is a project (open source or proprietary) that has addressed the issue of virtualising an environment such that a level of security protects (to a certain extent) the IP (intellectual property) of the "work" done in that environment.

I work a bit with Vagrant which allows for virtualised development environments - which is perfect for what we want except for the security aspect of it.

If I understand you correctly there is nothing (that you are aware of) that fills this particular niche?
0
 
gheistCommented:
No, there is no keyless encryption.
0
 
Julian HansenAuthor Commented:
Thanks - apologies for closing this late.
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

  • 6
  • 6
Tackle projects and never again get stuck behind a technical roadblock.
Join Now