Virtually Evasive (Computer Security)

So you’ve all seen the Zuckerberg picture where he has his webcam taped up, right?

What if you didn’t need to do that? In this article I’ll be looking at using freely available virtual machine software to create a thick layer of evasive security under your AV and Firewall.

The Virtualness

The beauty of virtual machines is that you can set up this lovely sandboxed environment. It might get compromised, something might get corrupted, there may be nasties lurking around in it, but you can just tear it down, load up a new VM (virtual machine) and be on your merry way.

Great! So let’s use a virtual machine, right?

  • Secure pot

Right. So we’ve got secure pot, we’re loving life with this added layer of security… but wait, is it secure? Because (ahem) we’ve been mixing business with pleasure on this virtual machine… And isn’t that what causes us to get compromised… a dodgy website? So you shouldn’t go on a dodgy website and then log in and do some online banking, because that’s one surefire way of getting your life savings withdrawn from a little town in Mexico. So okay, let’s create two VMs:

  • Honey pot - pleasure
  • Secure pot - business

Excellent, we’ve got two virtual machines, one for business, one for pleasure. And by pleasure I mean for use on any site that may be shady or doesn’t use HTTPS. But where do our social media sites sit in all this? I don’t want to have my Facebook hacked because it falls under the pleasure category, and it’s not really business. So maybe we need to create an additional VM. Let’s rename these:

  • Unsecure — unscrupulous browsing
  • Secure — Business/Banking/Transactions
  • Social — liking cats on Instagram, writing articles on Medium (Browsing -known- HTTPS websites)

That’s great, now if one gets compromised my whole life doesn’t unravel (provided I’m pretty smart with password usage for my software, services and accounts… but that’s a whole different kettle of fish).

But we do more than browse the internet all day (I’m guessing here). What if we want to communicate with someone on Skype or by email? We probably need another VM:

  • Unsecure — unscrupulous browsing
  • Secure — Business/Banking/Transactions
  • Social — liking cats on Instagram, writing articles on Medium (Browsing -known- HTTPS websites)
  • Communication — Skype, email (of known recipients)

This is pretty cool, but to make it that little bit more secure, only email of known recipients should be opened on the communication VM; set up a rule in the email client that allows for this. Now technically the social and the comms VMs could be merged, but the segmentation is kinda cool.

The Evasiveness

We’ve got all these virtual machines, currently all they do is segment my digital life. This ain’t helping!

So let’s get evasive…

We kinda don’t wanna use the real machine anymore, so blocking all of its network traffic (except the VMs’) is a good idea. This should help to stop the real machine from getting compromised; now all traffic passes through to the VMs (which are paused when not in use). Ok. One security measure ticked.

Ok, this is good, but it’s not doing much. Now the real evasiveness kicks in: set up a Windows service on your ‘real’ machine that deletes your VMs and rebuilds fresh versions at intervals of your choosing. That is to say, if Unsecure gets compromised, well, that doesn’t matter, because we have no personally identifying data on it -and- it’s being deleted tonight, so when we browse again tomorrow it’ll be virus free :)

If the virtual machine has command line control, then you can set up a bat file that tears down your machines and rebuilds them at a time when you’re not using the computer (I typically set mine up to tear down and rebuild at 3 am every night).
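The nightly tear-down and rebuild described above, as an added example that is not the author's own script: it assumes Oracle VirtualBox and its VBoxManage CLI (the article names no hypervisor), uses PowerShell rather than a bat file, and the template VM names are hypothetical.

```powershell
# Added example. Assumes VirtualBox in its default install path; template names are hypothetical.
$VBoxManage = Join-Path $env:ProgramFiles 'Oracle\VirtualBox\VBoxManage.exe'

# Disposable VM -> clean, powered-off template it is rebuilt from.
# A clone inherits the template's virtual hardware, so build templates without USB/webcam.
$Disposable = [ordered]@{
    'Unsecure'      = 'Template-Unsecure'
    'Secure'        = 'Template-Secure'
    'Social'        = 'Template-Social'
    'Communication' = 'Template-Communication'
}

function Invoke-VBox {
    param([Parameter(Mandatory)][string[]]$VBoxArgs)
    $out = & $VBoxManage @VBoxArgs
    if ($LASTEXITCODE -ne 0) { throw "VBoxManage $($VBoxArgs -join ' ') exited with $LASTEXITCODE" }
    return $out
}

function Test-VmListed {
    # 'VBoxManage list vms|runningvms' prints one line per VM: "Name" {uuid}
    param([string]$Name, [ValidateSet('vms', 'runningvms')][string]$List)
    $pattern = '^"' + [regex]::Escape($Name) + '" \{'
    return [bool](@(Invoke-VBox -VBoxArgs 'list', $List) -match $pattern)
}

function Reset-DisposableVm {
    param([string]$Name, [string]$Template)
    if (-not (Test-VmListed -Name $Template -List vms)) {
        throw "Template '$Template' is missing; refusing to delete '$Name'."
    }
    if (Test-VmListed -Name $Name -List runningvms) {
        Invoke-VBox -VBoxArgs 'controlvm', $Name, 'poweroff' | Out-Null
        Start-Sleep -Seconds 5   # give the VM session time to release its lock
    }
    if (Test-VmListed -Name $Name -List vms) {
        Invoke-VBox -VBoxArgs 'unregistervm', $Name, '--delete' | Out-Null   # also deletes its disks
    }
    Invoke-VBox -VBoxArgs 'clonevm', $Template, '--name', $Name, '--register' | Out-Null
}

foreach ($vm in $Disposable.GetEnumerator()) {
    try {
        Reset-DisposableVm -Name $vm.Key -Template $vm.Value
        Write-Output "$(Get-Date -Format s) rebuilt $($vm.Key) from $($vm.Value)"
    } catch {
        Write-Warning "$(Get-Date -Format s) $($vm.Key): $_"   # keep going with the other VMs
    }
}
```

To run it at 3 am, register it with Task Scheduler, for example `schtasks /Create /TN "RebuildVMs" /SC DAILY /ST 03:00 /TR "powershell.exe -NoProfile -File C:\Scripts\Reset-Vms.ps1"` (the script path is a placeholder). VirtualBox registers VMs per user, so the task has to run as the account that owns them.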

This doesn’t cover the worrying fear of someone watching me on my webcam!! Well, since virtual machines are sandboxed, we can tell each virtual machine what ‘virtual’ hardware it has. So if the webcam is plugged into USB port number three, we just go ahead and tell said virtual machine that it only has two ports (port one and two). If the webcam is built in, we can tell the virtual machine not to include that hardware prior to making the VM.

Alas, Virtually Evasive Security

Let me know your thoughts :)