Andrew Leniart
asked on
Best way to setup a Win 7 VM with minimal access to the Host Operating System
Hi Experts,
Here's the scenario, though I'm quite familiar with Oracle VM VirtualBox, a colleague of mine wants to setup a VM using Win 7 Pro as the host, just as I did when I ran the tests on infected sites described in my article > Here < and has asked me for advice so he can do a similar exercise with putting "his" host at minimal risk.
I did my tests on a pre-imaged and backed up dedicated Win 7 Pro Test Machine so wasn't too concerned. Even though the VM's I setup didn't infect my Host during any of my tests, I'm not confident enough in my abilities to give instruction on how to configure the testing VM's in such a way as to how to limit access to the Host system thereby lessening the chances if it being affected by something he may run across during "his" testing of malicious sites.
That's where I need some help.
Can any experts advise on the settings they would recommend using in the Oracle VM Virtual Box VM Setup so that it would have the following;
Your suggestions please?
Many thanks..
Here's the scenario, though I'm quite familiar with Oracle VM VirtualBox, a colleague of mine wants to setup a VM using Win 7 Pro as the host, just as I did when I ran the tests on infected sites described in my article > Here < and has asked me for advice so he can do a similar exercise with putting "his" host at minimal risk.
I did my tests on a pre-imaged and backed up dedicated Win 7 Pro Test Machine so wasn't too concerned. Even though the VM's I setup didn't infect my Host during any of my tests, I'm not confident enough in my abilities to give instruction on how to configure the testing VM's in such a way as to how to limit access to the Host system thereby lessening the chances if it being affected by something he may run across during "his" testing of malicious sites.
That's where I need some help.
Can any experts advise on the settings they would recommend using in the Oracle VM Virtual Box VM Setup so that it would have the following;
- Full access to the Internet (obviously)
- None (or as limited as possible) access to the Win 7 Pro Machine Host System Drive in order to prevent any possible leaks of infections and thus cause possible damage to the host
Your suggestions please?
Many thanks..
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
No problem,
If you want to be very thorough you may wish to compare vulnerabilities between things like VMWare Player/Workstation and VirtualBox to see which one might be in better condition at the time of testing. (I suspect they're both up to date however).
Which on that note, make sure to keep the host, guest, engine and any extensions up to date (but maybe not until after exploit Wednesday :))
If you want to be very thorough you may wish to compare vulnerabilities between things like VMWare Player/Workstation and VirtualBox to see which one might be in better condition at the time of testing. (I suspect they're both up to date however).
Which on that note, make sure to keep the host, guest, engine and any extensions up to date (but maybe not until after exploit Wednesday :))
ASKER
Yes, he will be using current versions and up to date extensions Chris. Have already told him to make sure he does that.
Anyone else have any input on this that they might share?
Anyone else have any input on this that they might share?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
@compdigit44 - Couple of great suggestions I'll look into, particularly AppLocker which I had not considered suggesting he use.
Thank you kindly for your input.
Anyone else have suggestions?
Thank you kindly for your input.
Anyone else have suggestions?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks for your suggestions guys.. Much appreciated.
ASKER
I'll definitively be advising him to beef up security on his Host to paranoid levels as much as possible while he conducts his tests too.
Thanks also for the links you've provided at the end of your message. I will look into them.
Best...