Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Strategies to increase security


  • Please log in to reply
4 replies to this topic

#1 NotionCommotion

NotionCommotion

  • Members
  • 59 posts
  • OFFLINE
  •  
  • Local time:02:54 AM

Posted 15 August 2012 - 02:02 AM

Hi, Thinking of different options to increase sleep quality.


Use one machine for non-secure use and another machine for secure use is well warranted.
- Use physically different hardware
- Use a virtual machine guest as the secure machine and the virtual machine host as the cowboy machine
- Use a virtual machine guest as the cowboy machine and the virtual machine host as the secure machine

Use Linux instead of Windows as my secure machine, and apply that to the above options

Please provide your thoughts. Thanks!

BC AdBot (Login to Remove)

 


#2 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,698 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:54 AM

Posted 15 August 2012 - 02:30 AM

- Use a virtual machine guest as the secure machine and the virtual machine host as the cowboy machine


The paradigm with virtualization is that the host has full control over the guests, but not the other way around.
So a compromised host machine with secure guests is not a good idea.

Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Senior Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2019
MVP_Horizontal_BlueOnly.png

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#3 NotionCommotion

NotionCommotion
  • Topic Starter

  • Members
  • 59 posts
  • OFFLINE
  •  
  • Local time:02:54 AM

Posted 15 August 2012 - 08:07 AM

Thank you Didier Stevens,

What about the other way around? Using a virtual server as one's general use PC, and the host as the extra safe PC? Or is it highly recommended to use separate physical hardware? Obviously, physical hardware is more secure, however, would like a "reasonable" compromise between security and convenience.

Also, what about using Linux instead of Windows for the secure PC's operating system? I would then use Windows as my general use operating system.

Thanks

#4 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,698 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:54 AM

Posted 15 August 2012 - 04:13 PM

No, using a VM as a general surfing machine is a good compromise. I do this myself.

If you want to protect your machine against common malware, then using Linux on your VM is a good idea as there is significantly less malware for Linux than for Windows.

Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Senior Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2019
MVP_Horizontal_BlueOnly.png

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#5 NotionCommotion

NotionCommotion
  • Topic Starter

  • Members
  • 59 posts
  • OFFLINE
  •  
  • Local time:02:54 AM

Posted 15 August 2012 - 10:35 PM

Thanks Didier, Still have non-Internet threats such as email, memory sticks, etc to deal with on your attacked upon Windows based host. Maybe do the opposite? Granted, stuxnex attacked WinCC.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users