VirtualBox

source: vbox/trunk/doc/manual/en_US/user_Security.xml@ 38395

Last change on this file since 38395 was 38027, checked in by vboxsync, 13 years ago

UserManual: a note about RDP.

  • Property svn:eol-style set to native
  • Property svn:keywords set to Author Date Id Revision
File size: 4.4 KB
 
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.4//EN"
"http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd">
<chapter id="Security">
  <title>Security guide</title>

  <sect1>
    <title>Potentially insecure operations</title>

    <para>The following features of VirtualBox can present security
    problems:<itemizedlist>
        <listitem>
          <para>Enabling 3D graphics via the Guest Additions exposes the host
          to additional security risks; see <xref
          linkend="guestadd-3d" />.</para>
        </listitem>

        <listitem>
          <para>When teleporting a machine, the data stream through which the
          machine's memory contents are transferred from one host to another
          is not encrypted. A third party with access to the network through
          which the data is transferred could therefore intercept that
          data.</para>
        </listitem>

        <listitem>
          <para>When using the VirtualBox web service to control a VirtualBox
          host remotely, connections to the web service (through which the API
          calls are transferred via SOAP XML) are not encrypted, but use plain
          HTTP. This is a potential security risk! For details about the web
          service, please see <xref linkend="VirtualBoxAPI" />.</para>
        </listitem>

        <listitem>
          <para>All traffic sent over a UDP Tunnel network attachment is not
          encrypted. You can either encrypt it on the host network level (with
          IPsec), or use encrypted protocols in the guest network (such as
          SSH). The security properties are similar to bridged Ethernet.</para>
        </listitem>
      </itemizedlist></para>
  </sect1>

  <sect1>
    <title>Authentication</title>

    <para>The following components of VirtualBox can use passwords for
    authentication:<itemizedlist>
        <listitem>
          <para>When using the VirtualBox extension pack provided by Oracle
          for VRDP remote desktop support, you can optionally use various
          methods to configure RDP authentication. The "null" method is
          very insecure and should be avoided in a public network.
          See <xref linkend="vbox-auth" /> for details.</para>
        </listitem>

        <listitem>
          <para>When using teleporting, passwords can optionally be used to
          protect a machine waiting to be teleported from unauthorized access.
          Note however that these passwords are stored <emphasis
          role="bold">unencrypted</emphasis> in the machine configuration XML
          and therefore potentially readable on the host. See <xref
          linkend="teleporting" /> and <xref
          linkend="vboxmanage-modifyvm-teleport" />.</para>
        </listitem>

        <listitem>
          <para>When using remote iSCSI storage and the storage server
          requires authentication, a password can optionally be supplied with
          the <computeroutput>VBoxManage storageattach</computeroutput>
          command. Note however that this is stored <emphasis
          role="bold">unencrypted</emphasis> in the machine configuration and
          is therefore potentially readable on the host. See <xref
          linkend="storage-iscsi" /> and <xref
          linkend="vboxmanage-storageattach" />.</para>
        </listitem>

        <listitem>
          <para>When using the VirtualBox web service to control a VirtualBox
          host remotely, connections to the web service are authenticated in
          various ways. This is described in detail in the VirtualBox Software
          Development Kit (SDK) reference; please see <xref
          linkend="VirtualBoxAPI" />.</para>
        </listitem>
      </itemizedlist></para>
  </sect1>

  <sect1>
    <title>Encryption</title>

    <para>The following components of VirtualBox use encryption to protect
    sensitive data:<itemizedlist>
        <listitem>
          <para>When using the VirtualBox extension pack provided by Oracle
          for VRDP remote desktop support, RDP data can optionally be
          encrypted. See <xref linkend="vrde-crypt" /> for details. Only
          the Enhanced RDP Security method (RDP5.2) with TLS protocol
          provides a secure connection. Standard RDP Security (RDP4 and
          RDP5.1) is vulnerable to a man-in-the-middle attack.</para>
        </listitem>
      </itemizedlist></para>
  </sect1>
</chapter>
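The settings this chapter warns about can be checked on the host by auditing a machine configuration file. The following is an added example, not part of the VirtualBox manual or source tree: the element and attribute names (RemoteDisplay, authType, Teleporter, InitiatorSecret, Security/Method) are assumptions about the configuration layout, and the sample document is constructed.

```python
import xml.etree.ElementTree as ET

NS = {"v": "http://www.virtualbox.org/"}  # assumed namespace of the config file

# Constructed sample; element and attribute names are assumptions about the
# machine configuration layout and do not come from the manual chapter.
SAMPLE_VBOX = """<VirtualBox xmlns="http://www.virtualbox.org/">
  <Machine name="demo-vm">
    <MediaRegistry><HardDisks>
      <HardDisk format="iSCSI">
        <Property name="InitiatorSecret" value="constructed-secret"/>
      </HardDisk>
    </HardDisks></MediaRegistry>
    <Teleporter enabled="true" port="6000" password="constructed-pw"/>
    <Hardware>
      <RemoteDisplay enabled="true" authType="Null">
        <VRDEProperties>
          <Property name="Security/Method" value="RDP"/>
        </VRDEProperties>
      </RemoteDisplay>
    </Hardware>
  </Machine>
</VirtualBox>"""

def audit_machine_config(xml_text):
    """Return finding ids for the risks listed in the chapter; secrets are never echoed."""
    root = ET.fromstring(xml_text)
    findings = []
    for rd in root.iterfind(".//v:RemoteDisplay[@enabled='true']", NS):
        if rd.get("authType", "").lower() == "null":
            findings.append("vrde-null-auth")
        method = rd.find(".//v:Property[@name='Security/Method']", NS)
        # Anything other than TLS still permits Standard RDP Security.
        if method is None or method.get("value", "").upper() != "TLS":
            findings.append("vrde-not-tls-only")
    for tp in root.iterfind(".//v:Teleporter", NS):
        if tp.get("password"):
            findings.append("teleporter-password-cleartext")
    for prop in root.iterfind(".//v:Property[@name='InitiatorSecret']", NS):
        if prop.get("value"):
            findings.append("iscsi-secret-cleartext")
    return findings

if __name__ == "__main__":
    print(audit_machine_config(SAMPLE_VBOX))
```

A cleartext finding means the file's permissions on the host are the only protection for that secret, so the check is best paired with a review of who can read the configuration file.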