| 1 | <?xml version="1.0" encoding="UTF-8"?>
|
|---|
| 2 | <!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.4//EN"
|
|---|
| 3 | "http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd">
|
|---|
| 4 | <chapter id="Security">
|
|---|
| 5 | <title>Security guide</title>
|
|---|
| 6 |
|
|---|
| 7 | <sect1>
|
|---|
| 8 | <title>Potentially insecure operations</title>
|
|---|
| 9 |
|
|---|
| 10 | <para>The following features of VirtualBox can present security
|
|---|
| 11 | problems:<itemizedlist>
|
|---|
| 12 | <listitem>
|
|---|
| 13 | <para>Enabling 3D graphics via the Guest Additions exposes the host
|
|---|
| 14 | to additional security risks; see <xref
|
|---|
| 15 | linkend="guestadd-3d" />.</para>
|
|---|
| 16 | </listitem>
|
|---|
| 17 |
|
|---|
| 18 | <listitem>
|
|---|
| 19 | <para>When teleporting a machine, the data stream through which the
|
|---|
| 20 | machine's memory contents are transferred from one host to another
|
|---|
| 21 | is not encrypted. A third party with access to the network through
|
|---|
| 22 | which the data is transferred could therefore intercept that
|
|---|
| 23 | data.</para>
|
|---|
| 24 | </listitem>
|
|---|
| 25 |
|
|---|
| 26 | <listitem>
|
|---|
| 27 | <para>When using the VirtualBox web service to control a VirtualBox
|
|---|
| 28 | host remotely, connections to the web service (through which the API
|
|---|
| 29 | calls are transferred via SOAP XML) are not encrypted, but use plain
|
|---|
| 30 | HTTP. This is a potential security risk! For details about the web
|
|---|
| 31 | service, please see <xref linkend="VirtualBoxAPI" />.</para>
|
|---|
| 32 | </listitem>
|
|---|
| 33 |
|
|---|
| 34 | <listitem>
|
|---|
| 35 | <para>All traffic sent over an UDP Tunnel network attachment is not
|
|---|
| 36 | encrypted. You can either encrypt it on the host network level (with
|
|---|
| 37 | IPsec), or use encrypted protocols in the guest network (such as
|
|---|
| 38 | SSH). The security properties are similar to bridged Ethernet.</para>
|
|---|
| 39 | </listitem>
|
|---|
| 40 | </itemizedlist></para>
|
|---|
| 41 | </sect1>
|
|---|
| 42 |
|
|---|
| 43 | <sect1>
|
|---|
| 44 | <title>Authentication</title>
|
|---|
| 45 |
|
|---|
| 46 | <para>The following components of VirtualBox can use passwords for
|
|---|
| 47 | authentication:<itemizedlist>
|
|---|
| 48 | <listitem>
|
|---|
| 49 | <para>When using the VirtualBox extension pack provided by Oracle
|
|---|
| 50 | for VRDP remote desktop support, you can optionally use various
|
|---|
| 51 | methods to configure RDP authentication. The "null" method is
|
|---|
| 52 | very insecure and should be avoided in a public network.
|
|---|
| 53 | See <xref linkend="vbox-auth" /> for details.</para>
|
|---|
| 54 | </listitem>
|
|---|
| 55 |
|
|---|
| 56 | <listitem>
|
|---|
| 57 | <para>When using teleporting, passwords can optionally be used to
|
|---|
| 58 | protect a machine waiting to be teleported from unauthorized access.
|
|---|
| 59 | Note however that these passwords are stored <emphasis
|
|---|
| 60 | role="bold">unencrypted</emphasis> in the machine configuration XML
|
|---|
| 61 | and therefore potentially readable on the host. See <xref
|
|---|
| 62 | linkend="teleporting" /> and <xref
|
|---|
| 63 | linkend="vboxmanage-modifyvm-teleport" />.</para>
|
|---|
| 64 | </listitem>
|
|---|
| 65 |
|
|---|
| 66 | <listitem>
|
|---|
| 67 | <para>When using remote iSCSI storage and the storage server
|
|---|
| 68 | requires authentication, a password can optionally be supplied with
|
|---|
| 69 | the <computeroutput>VBoxManage storageattach</computeroutput>
|
|---|
| 70 | command. Note however that this is stored <emphasis
|
|---|
| 71 | role="bold">unencrypted</emphasis> in the machine configuration and
|
|---|
| 72 | is therefore potentially readable on the host. See <xref
|
|---|
| 73 | linkend="storage-iscsi" /> and <xref
|
|---|
| 74 | linkend="vboxmanage-storageattach" />.</para>
|
|---|
| 75 | </listitem>
|
|---|
| 76 |
|
|---|
| 77 | <listitem>
|
|---|
| 78 | <para>When using the VirtualBox web service to control a VirtualBox
|
|---|
| 79 | host remotely, connections to the web service are authenticated in
|
|---|
| 80 | various ways. This is described in detail in the VirtualBox Software
|
|---|
| 81 | Development Kit (SDK) reference; please see <xref
|
|---|
| 82 | linkend="VirtualBoxAPI" />.</para>
|
|---|
| 83 | </listitem>
|
|---|
| 84 | </itemizedlist></para>
|
|---|
| 85 | </sect1>
|
|---|
| 86 |
|
|---|
| 87 | <sect1>
|
|---|
| 88 | <title>Encryption</title>
|
|---|
| 89 |
|
|---|
| 90 | <para>The following components of VirtualBox use encryption to protect
|
|---|
| 91 | sensitive data:<itemizedlist>
|
|---|
| 92 | <listitem>
|
|---|
| 93 | <para>When using the VirtualBox extension pack provided by Oracle
|
|---|
| 94 | for VRDP remote desktop support, RDP data can optionally be
|
|---|
| 95 | encrypted. See <xref linkend="vrde-crypt" /> for details. Only
|
|---|
| 96 | the Enhanced RDP Security method (RDP5.2) with TLS protocol
|
|---|
| 97 | provides a secure connection. Standard RDP Security (RDP4 and
|
|---|
| 98 | RDP5.1) is vulnerable to a man-in-the-middle attack.</para>
|
|---|
| 99 | </listitem>
|
|---|
| 100 | </itemizedlist></para>
|
|---|
| 101 | </sect1>
|
|---|
| 102 | </chapter>
|
|---|
