
Tutorial: High Security Virtual Machines

Utilizing Virtualization to Increase Information Security

Anonymity, privacy and information security are issues that affect all people in today’s digital age, not just cyber-criminals and drug dealers. You might handle company secrets that competitors or hackers could use to wreak havoc upon your company and steal from your customers. You might work in a conservative setting in which your sexual orientation or political views would subject you to negative stereotyping. Perhaps you’re a medicinal cannabis user in a state with hostile laws surrounding the issue. Attorneys, doctors and accountants constantly face frivolous lawsuits that could destroy their careers, while journalists documenting governmental abuses could find themselves in all sorts of trouble before they know it. Maybe you simply value discretion in your personal relationships and communications, and expect a reasonable amount of privacy in your daily life.

The bad news is that obtaining such a measure of privacy is increasingly difficult, and uncommon, in today’s technological landscape, and I have no turn-key solution for this problem. The good news is that I can provide several simple security measures that are easy to implement and go a very long way in defeating all but the most sophisticated intrusion attempts.

Rule Number One: Don’t Have an Identity-Crisis

Failing to separate your “public” digital life (primarily your social media and non-sensitive interpersonal communications) from the life you expect to be private is the number one mistake people make when attempting to establish information security or anonymity. This most basic of principles seems innate to hackers, but the majority of people don’t understand why the “private” Facebook conversation they had with their lover or the phone call made out of earshot of third parties is a sitting duck for hackers or government spies. (In these two scenarios, the attack surface consists primarily of phishing and MITM vectors for the former and baseband exploitation and/or malicious iOS/Android apps for the latter; all are quite easily accomplished.)

It’s an uphill battle to make your Windows 8.X install secure (if that’s your goal, say hello to Windows Server 2012, in core mode, and bye to your GUIs). Sadly, OS X, Android, and iOS are also compromised, as are your ISP and cellular services. When it comes to high-security computing environments, unless you’re using a *nix-based OS specifically designed with security in mind (Subgraph Linux, a Whonix setup, Tails OS, etc.), you can count your daily OS out of the picture. Fortunately, using some basic principles, we can establish a relatively secure environment within our vulnerability-ridden daily workstations quickly and easily.

Many people are not ready to take the leap to convert their primary machine to, for example, a bare-bones Linux install, and give up all of their fun, privacy-invading/vulnerable Apps/Plugins/Widgets. The method described in this article provides a healthy medium. If you’ve never used VirtualBox or VMware, now is a good time to start. Beyond providing a platform to establish a more secure computing environment, virtualizing OSes and servers can open many possibilities for technology professionals. Virtualization technology itself is mature and enterprise-quality. It provides for the standardization of development (and run-time) environments across diverse host types; many of your favorite cloud-based apps and websites run on virtualized servers. Virtualization also gives ordinary users an easy way of trying out new operating systems without committing a physical system to the project.

For this guide, we will use Oracle’s VirtualBox. Both VMware and VirtualBox offer free virtualization solutions as well as more robust “workstation” packages for commercial use, all of excellent quality. VirtualBox, however, has an open-source version that we will use, as it provides some additional measure of security in knowing the codebase is community-reviewed. It should, however, be noted that exploits targeted at both of these products do exist. Merely virtualizing a secure OS on a non-secure OS is not DEFCON-1 level security, but it’s an excellent counter-measure to common exploits that average users can implement freely and easily.

I must also point out this rule goes two ways; when you are happily surfing the deep web from your high-security virtual machine, please, people, don’t hop over to your Facebook page or check your Gmail within your high-security environment. The reasons for this are numerous and hopefully obvious. In this context, having an identity crisis refers to mixing your private and non-private identities in any way.

Rule Number Two: Don’t Be So Non-Volatile

One of the easiest ways to lock down your high-security environment is to simply use read-only disk images (as ISOs are by default) as your guest. Most distributions of Linux have “Live-Install” ISO images that can be downloaded and virtualized in minutes. No installation is required, no virtual drives need be created, and, more importantly, the guest OS writes nothing to the hard disk of the host. The filesystem of the guest resides entirely within the ISO, which is of locked size and content (attempting to write to an ISO image will yield an I/O error). It’s static, and it contains everything our guest OS needs to function; web browsers, email clients and messaging clients are all included. That ISO of a new Linux spin you just downloaded isn’t changing, in size or content, whether we like it or not, and in this case we like that. It means everything the guest OS does resides only within our machine’s RAM. RAM is volatile; as soon as it loses power (any time your machine is power-cycled, for example) all of its contents are erased, and in general its contents are erased and overwritten thousands of times per second. Effectively, what this means is that as soon as you close your virtualization software and turn off your machine, all traces of the guest OS are eliminated from memory, and nothing is ever written to your host’s disk drive. We also have the added benefit of snappiness in our guest OS; RAM is much faster than hard disks, even solid state drives.

The only exceptions to this are when we tell the virtualization software to save the state of our machine to disk (i.e. “pausing” or “suspending” the state of the guest OS) or when the host OS commits the RAM the virtualization software is using to a swap file (or “paging” file, a portion of your disk drive used to emulate RAM). The first exception can easily be avoided: don’t save the state of your virtual machine when you’re done using it. Power it off. The second issue only occurs if your machine is starved for RAM, and even then it is only of concern for the usually very brief period of time in which the RAM is virtualized on disk. If you need to make sure your guest OS doesn’t touch swap memory on your device, you can use the Linux system call mlock(2) or adjust the “swappiness” of the guest Linux OS. At any rate, your swap memory is normally purged upon closing of VirtualBox/VMware and almost always purged (again) upon shutdown of the host OS.

This is a convenient way to ensure that our high-security virtual machine does not leave traces on our hard disk that could later be analyzed. In other words, the non-volatile memory of the host OS is never touched by the guest OS.

Rule Number Three: NIC Your Problem in the Bud

After choosing a security-oriented ISO image and creating our Virtual Machine (instructions below), we still must consider how the guest OS uses our host’s networking resources: our wifi and ethernet cards. By default, network address translation (NAT) is configured by the virtualization software such that the guest OS shares an IP address with the host. Effectively, this means the two share an internet connection and packets could be intercepted, in both directions on both machines. Furthermore, with this default configuration, malware compromising the virtualization software’s drivers (which translate, for example, your OS X host’s connection into the Linux guest’s world) increases the attack surface as well. The best and sure-fire way to prevent this is to nic (sic) the problem in the bud and use a dedicated network interface card on your guest OS. In layman’s terms: go buy a $10-$20 wifi adapter and tell VirtualBox to connect it to your high-security Virtual Machine. For additional security, change the MAC address of your dedicated NIC (now controlled by the guest VM). These measures will ensure that the traffic of the host OS and the guest OS never mixes.

It must be noted that any time you are virtualizing an OS, the host (the OS upon which your virtualization software such as VirtualBox or VMware is running) as well as any network (which the virtualized OS, the guest, connects to) might still be at risk. If you believe these things are already compromised, or that you might be the target of an advanced persistent threat, you should operate with a native install of a high-security OS and only send packets over an iron-clad VPN or SOCKS5 proxy (for the moment even Tor cannot provide absolute security, unfortunately).

Instructions:

  1. Download VirtualBox here
  2. Choose and download an appropriate Linux Live-Install ISO (we recommend Tails OS, which can be downloaded for free here)
  3. Within VirtualBox, create a New Virtual Machine and choose Linux as the OS; selecting a Debian/Ubuntu 64-Bit architecture works fine for most distros.
  4. Select Skip when asked to configure a virtual hard disk (we will be using only the ISO image to avoid making changes to our host’s disk drive)
  5. Under the System Settings of your VM, adjust the RAM to at least 1024 and preferably 2048 MB (1-2 GB); most modern Linux machines require at least this much to function smoothly. Under the System->Processor preference pane, adjusting the number of processors of your VM to 2 will improve responsiveness by allowing for basic multithreading within the guest OS.
  6. Under the Network settings of your VM, DISABLE all network adapters.
  7. Start your VM, select the ISO, click the USB-Devices icon and switch over your external WiFi adapter.

Be sure to get the latest versions of VirtualBox and Linux ISO, in this case TailsOS Version.
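Once the VM exists, its configuration can be checked against the steps above. The following is an added example, not part of the original article: a shell function that reads the output of `VBoxManage showvminfo "<vm name>" --machinereadable` and flags any enabled virtual NIC, any attached virtual disk image, and a saved state. The function name, VM names and both sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a VirtualBox VM against the three rules of this guide.
# Usage on a real host:
#   VBoxManage showvminfo "<vm name>" --machinereadable | audit_vm_config

# audit_vm_config: read key=value lines on stdin, print findings,
# return 0 when no rule is violated and 1 otherwise.
audit_vm_config() {
    awk '
    {
        eq = index($0, "=")
        if (eq == 0) next
        key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
        gsub(/"/, "", key); gsub(/"/, "", val)
    }
    # Rule 3: any adapter other than "none" rides on the host network stack.
    key ~ /^nic[0-9]+$/ && val != "none" {
        printf "FAIL %s=%s: virtual adapter shares the host network stack\n", key, val
        bad++
    }
    # Rule 2: a virtual disk image lets the guest write to the host disk.
    tolower(val) ~ /\.(vdi|vmdk|vhd|hdd)$/ {
        printf "FAIL %s=%s: writable virtual disk attached\n", key, val
        bad++
    }
    # Rule 2: a saved state is a copy of guest RAM on the host disk.
    key == "VMState" && val == "saved" {
        print "FAIL VMState=saved: guest RAM has been written to the host disk"
        bad++
    }
    key == "memory" && val + 0 < 1024 {
        printf "WARN memory=%s MB: below the 1024 MB minimum from step 5\n", val
    }
    END {
        if (bad == 0) print "OK: no virtual NIC, no virtual disk, no saved state"
        exit (bad > 0)
    }'
}

# Constructed sample: diskless live-ISO VM with every virtual NIC disabled.
sample_hardened() { cat <<'EOF'
name="secure-live"
memory=2048
cpus=2
VMState="poweroff"
nic1="none"
nic2="none"
"IDE-0-0"="/isos/live.iso"
EOF
}

# Constructed sample: wizard defaults (NAT adapter, virtual disk) left in a saved state.
sample_default() { cat <<'EOF'
name="everyday-guest"
memory=512
cpus=1
VMState="saved"
nic1="nat"
nic2="none"
"SATA-0-0"="/vms/everyday-guest/everyday-guest.vdi"
"IDE-0-0"="/isos/live.iso"
EOF
}

echo "== hardened sample =="; sample_hardened | audit_vm_config
echo "== default sample ==";  sample_default  | audit_vm_config || true
```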

For advanced users, Whonix is especially well-suited for virtualized high-security Tor portals and provides a convenient way to “torify” your primary OS’s traffic; the Whonix Gateway serves as the torifying layer, and the Whonix Workstation (an independent VM) can be used, or you can configure your primary OS to use the Whonix VM as a proxy. More on this topic in upcoming guides.

Screenshots for Instructions

Step 1: Download and install VirtualBox:

Step 2: Download Tails OS. Advanced users might consider Whonix:

Step 3: Create your VM. For smooth operation, one GB of RAM, and preferably two, is required. To further increase responsiveness, add a second processor core.

Step 4: Select do not add a virtual hard drive:

Ignore VirtualBox advising you your VM has no virtual disk; that’s exactly what we want in this case:

Add 2nd core:

Step 6

Again, unless you know exactly what you’re doing, it is best NOT to share network adapters between your VM and your regular desktop environment:

Step 7

Fire up your secure VM. Upon the first startup, you will be prompted to choose an ISO for your startup disk:

If your VM ever complains it doesn’t have a bootable drive, simply configure the setting in the Storage preferences:

Step 8

Once you’ve got your VM fired up, click the USB icon in the lower right of the VirtualBox windowed display and connect your independent network adapter. Tails will automatically randomize the MAC address; if you’re on a different Linux, issuing a command such as

# ifconfig wlan0 hw ether XX:XX:XX:XX:XX:XX

will add an additional measure of security in that your NIC does not use a vendor-specific MAC address (i.e. your Ralink wifi adapter won’t announce itself as “Ralink”).
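To guarantee the new address carries no vendor prefix at all, its first octet should have the locally administered bit set and the multicast bit clear. The following added example (not from the original article) generates such an address, validates one, and applies it with iproute2; the function names are hypothetical and `wlan0` is the interface name used above.

```shell
#!/bin/sh
# Added example: random, locally administered, unicast MAC addresses.

# random_laa_mac: print six random octets; the first octet is adjusted so
# bit 0 (multicast) is clear and bit 1 (locally administered) is set.
random_laa_mac() {
    set -- $(od -An -N6 -tu1 /dev/urandom)
    printf '%02x:%02x:%02x:%02x:%02x:%02x\n' \
        $(( ($1 | 2) & 254 )) "$2" "$3" "$4" "$5" "$6"
}

# is_laa_unicast MAC: succeed only for a well-formed six-octet MAC whose
# first octet marks it as locally administered and unicast (no vendor OUI).
is_laa_unicast() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$' || return 1
    [ $(( 0x${1%%:*} & 3 )) -eq 2 ]
}

# set_mac IFACE MAC: apply the address inside the guest (needs root).
# The interface is taken down while the address changes.
set_mac() {
    is_laa_unicast "$2" || {
        echo "refusing $2: not a locally administered unicast MAC" >&2
        return 1
    }
    ip link set dev "$1" down &&
    ip link set dev "$1" address "$2" &&
    ip link set dev "$1" up
}

# Show one generated address; apply it with: set_mac wlan0 "$(random_laa_mac)"
random_laa_mac
```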

Stay tuned on how to configure higher security configurations, implement roving MAC addresses, etc.

24 comments

  1. nice information-

    however one glaring danger to your network security and I’ve had it happen to me- multiple times.

    It happens when an attacker with sophistication and unlimited resources comes at you through your vpn in the vm guest. They send a ‘request’ for lack of a better word to disconnect your usb device. My AWUS Alfa for instance- from the guest. Unless configured not to- this automatically connects your wireless, fast as a whip I might add- directly to your host pc. Anything connected on your host, for example skype, im, facebook, -virtually any webpage, now sends out a few pings, requests etc over that dongle.

    Dangerous.

    One possible solution I found is to make absolutely certain you don’t install the drivers or software for your wifi adapter on your HOST machine, so on random disconnect from the GUEST -the host has no idea what to do with it. You hear a “ding” from windows that it’s been disconnected which alerts you, but you’re not frantically trying to mouse out of your guest before facebook connects over it.

    Better yet? Get a different pc for your non privacy work. And never ever, -ever- confuse the two.

  2. what about just using i2p on a linux distro like UBUNTU and running MAC-changer from the terminal command line?

  3. I recommend Qubes OS. They virtualize everything and can have a VM setup as a TORVM to route all traffic from a Xen VM through that TORVM.

    It is really quite neat.

    • GrifBA

      aka- extremely complex? Lightyears of complexity over the average dark market dweller’s head? “Neat” doesn’t quite describe the world’s most secure and intricate OS :’

      • Ballington Chindribbles

        Except it is pretty neat. And it’s not like a command line only OS, it’s supposed to be a fully graphical workstation/hypervisor. You don’t have to know how it works for the most part to use it. You just need a lot of RAM, and a decent newish processor with an iGPU, as well as Vt-d/IOMMU (supported by your motherboard chipset too). That’s not much more complicated than using something like Whonix, and a lot less complicated than building a secure server from scratch.

  4. Shout out to the OP, major douchbag.
    Do not, DO NOT follow this guide.

    VOID EVERYTHING.

    DeepDotWeb must get a lot of visits for their sanitary directory repository but articles like this truly discredit this place.
    Damn you’re dumb. Great OPSEC ;)

    • gitmof

      why? can you elaborate, please?

      other than juvenile insults, what is the problem with the above guide?

      It’s better OPSEC than what many use…

      • I suspect that is because running a high sec OS in a VM run in a compromised OS hardly grants any benefits. And an attacker will also know that you act ‘suspiciously’. Is your windows machine safe? (hint: if it is you do not need any whonixes)

      • bugiarto

        Yes! And no HDD too, you know guys, damn firmware (seagate, ibm, western…), just open firmware, if it’s possible… and jesus, no windows, virtual or not!

        • no HDD is nice but you need to run a RAMdisk. What versions of secure LIVE linux can you actually mount a massive RAMdisk big enough to copy in your VMs? Gave it a shot in Puppy/Slackware but the limit was like 4GB or something…too small- need to find a build where you can mount 30-40Gigs easily and then switchroot and unplug the damn thing-

  5. If I set up the VM running Tails, how can I import (use) my PGP-Keys, passwords (KeePass). Persistent folder can’t be created, isn’t it? I try host-to-guest input (for USB-Stick), but it doesn’t work. “Guest Additions” for shared-folder cannot be loaded, cause the ISO of the live-system is mounted. Any solutions for that?

  6. why not just put it on a USB? Even Tails’ own site recommends this way over virtualbox.

    • rax55

      Exactly why this article is poor opsec. The Tails website explicitly states why running it via a virtual machine on windows – or any OS – is a risk. If your windows OS is compromised so too will your VM likely be. Just run Tails from a USB as a completely separate OS. Why in the hell would you run it via VM on an OS you use to check your FB account? There is no point unless you get a thrill from playing Russian Roulette.

  7. wipe your HDD’s firmware regularly. Download the latest version and a previous version and switch between the two- (to make certain it overwrites) Create a link on the desktop and do it regularly. FED malware lives there as well as GPU bios’… wipe ’em clean and neat with every shutdown. Just be prepared that they WILL brick once in a while…

  8. Don’t host hidden service at your home, use some public institution like schools, university, etc, you can hide PC/server in the roof, wall, etc. if you are admin, even better, you can use your job to hide computer somewhere. or simply pay some poor man to keep PC/server at his home :) There are people who will take a risk if you pay them well.
    imagine ulbricht paying some poor man, now ulbricht would be free.
    it was strange for me when I read: man arrested with 2kg cocaine in his car and later police found in his apartment 38kg more. I was always asking myself: why he didn’t pay somebody to keep cocaine in his home, he could pay somebody and to drive 2kg, but people prefer to do everything personally and they get arrested with 40kg.

    • Seriously? Do you naively imagine that the “authoritae” doesn’t have greater means to bribe the “poor person” or has scruples against the practice (or any scruples at all)? NTM a capability the privacy-seeker almost entirely lacks – posing a credible threat to incarcerate, torture, or kill the “poor person” or his/her loved ones? The only advantage the privacy-seeker even potentially has in this game you have postulated is moral superiority, and that is the first attribute the impoverished will ignore in the interests of food, shelter, and security (or the perception thereof). This principle is the fundamental basis of all politics. In your scenario, the jack boots hold a sizable and permanent “house advantage”.

      -VinnyG

  9. There are some good suggestions in here, but I wouldn’t characterize it as state of the art, and there are some of these suggestions that are questionable if they are not paired with an explanation of what happens when you get it wrong.

    Every ethernet or wifi card has a MAC address, a 48 bit unique identifier burned into the card by the factory. This information is similar to the IMEI on a phone, if you bought your laptop new with credit card and you hit an FBI NIT (network investigative technique) that grabs your MAC, you’re caught. See Torsploit/Freedom Hosting for how that works.

    Using a USB wifi device for virtual machines is an interesting move, but only if you pay cash at a little computer shop that doesn’t have security cameras. This gives you a MAC you can dispose of at will.

    MACs are soft configurable, TAILS changes at random on every boot. If you use any OS as a virtual machine the NIT will get a MAC address from the pool associated with VirtualBox, which is useless unless they happen to get you or your system at the same time. Remembering to change these is deep discipline, well outside the bounds of what most DNM guys are doing.

    You don’t have to be flawless as a DNM user, you just have to be in the upper 25% of the class, so the man will get frustrated chasing you and go bother someone else. Anyone hosting a market had better know everything I do and then some, because playtime is over.

    • Yes. Best practice here is to buy a NIC off Craigslist for cash without breaking your anonymity to the seller. If you need to communicate with the seller by phone, use a Tracphone or similar other device/service that allows registration of purchased minutes without authenticating actual identity. If the capability exists to erase the serial number of your host machine from EPROM, take advantage of that (this is one attribute that I suspect a VM may be able to read from the host by default or accident). Also, it bears noting that the “read only” attribute of all or nearly all flash memory, including USB storage (and unlike true CD-ROM) is a “software switch” only, not a means to physically disable write circuitry. That means that it amounts only to a “suggestion” to the OS, which can easily ignore it (or be subverted to do the same).

      VinnyG

  10. Followed your instructions to the dot and got the VM running. Decided to check out Tails OS and how secure it is. Did a scan with GRC Shields Up. All ports are closed (should be stealth) with ports like 80 open.

    Did I do something wrong or is Tails OS like this?

  11. Have the promised follow-up articles been published? In spite of the slams against this advice, it is better than 90% of what I see on the web, and can potentially be followed by a user who does not have infosec expertise. After all, as one commenter noted in slightly different terms, you don’t need to run faster than the bear, just faster than its other potential food sources… I would be very interested (for example) in a follow-up regarding how best to secure found or developed information that must be stored permanently outside of the VM environment (inevitable requirement).

    VinnyG

  12. I wouldn’t recommend the Tails OS at the moment since the latest leak and attack made to the TOR network by the NSA, also I would like to point out the fact that the TAILS team itself discourages the use of it in a virtual environment.
    Anyway the best OS solution for anonymity via virtualization is WHONIX in my opinion that works on the same basic concept of TAILS but it is born and optimized for usage on a virtual environment

  13. While the recommendation to use a second NIC to separate and isolate your VM traffic is good, I would add a few suggestions based on the VBoxAntiVMDetectHardened patch:

    1. Set Paravirtualization Interface to “Legacy”. This needs to be done to avoid detection by Hypervisor Present flag.

    2. In the Display settings, UNCHECK any kind of acceleration here – totally bugged and previously exploited feature.

    3. Better to use dynamically allocated VDI images, with size not less than 16 GB, as HDD size is VM indicator for some lame malware.

    4. DO NOT INSTALL VirtualBox Guest Additions

  14. Can I use Tails OS for software development, meaning installing and saving (persistence) software and files on the persistence volume?
