Hacklog Volume 1 Anonymity: it security & Ethical Hacking Handbook

even outside the Live OS. You can further explore the encryption of full disks on
Wikipedia
[144]
.
10.1.3 Live OS & Virtual Machines: the risks
VMs are a truly excellent tool: in a nutshell, they allow to create a computer
within  a  computer!  They’re  often  used  when  the  Operating  System  is  not
compatible  with  some  software  (ex.,  when  you  want  to  use  Windows
applications from a Mac).
However,  I  recommend  you  to  perform  all  your  tests  in  a  Live  working
environment, at least for now. The reason is related to different choices in terms
of  workspace  sanitization:  in  Tails,  for  example,  the  “anti-forensic”  properties
would  be  compromised  if,  launching  a  GNU/Linux  distro  within  a  Virtual
Machine, the latter writes the host computer swap with files otherwise destroyed
in Live; additionally, it may happen that, putting the VM in hibernation or stand-
by,  the  WHOLE  operating  system  is  stored  in  a  temporary  page  file,  thus
exposing all the Tails content (by the way, VirtualBox & Co. are integrating disk
encryption options on top of the software).
In anonymity scenarios, using Live GNU/Linux distros is strongly advisable.
When necessary, you can set-up a USB/SD drive to contain user-reserved space
for  their  configurations,  resulting  in  a  hybrid  system  capable  of  working  as  a
Live, as well as storing files and whatnot like a normal installation.
10.2 Virtualized environments
When  it  comes  to  IT  Security,  a  virtual  environment  can  ensure  a  good
isolation in different scenarios: just think that, if you wish to study the behavior
of  some  malware,  it’s  crucial  to  use  a  virtualized  system,  in  order  to  safeguard
the central Operating System. Just like a Live, everything happening in a Virtual
Machine (usually) stays within the Virtual Machine: I wrote ‘usually’ because a
VM may be attacked and slip out of the host computer control, but we’re going
off topic, probably.
Using an operating system anonymously within a VM is utterly wrong: most
of  the  aforementioned  procedures  refer  to  obfuscation  methods  that  require  the
full  control  of  the  hardware  in  use  by  the  System  (just  think  about  the  Mac
Spoofing). As the term suggests, virtualization is all about virtualizing hardware;
if  we  decide  to  perform  the  Mac  Spoofing  for  a  virtualized  environment,  we

would  ONLY  change  the  virtual  Mac  Address,  and  not  the  real  one!  Such
operation  can  be  done  ONLY  from  the  host  Operating  System,  namely  the  one
hosting the VM and not vice versa.
But what if the host is the Operating System providing its Virtual Machines
with anonymity? Then the scenario would be extremely beneficial for the user.
10.2.1 Qubes OS
The Qubes OS
[145]
project dates back to 3 September, 2012 – created by an
IT researcher, Joanna Rutkowska. This particular Operating System introduces a
security  approach  defined  as  isolation:  essentially,  it’s  taken  for  granted  that
every  piece  of  software  may  be  potentially  harmful  and  that  a  single  bug  may
compromise the entire IT system.
Qubes  is  based  on  Fedora  Linux,  but  provides  a  para-virtualization  system
through Xen: its microkernel allows to create separated workspaces, here known
as qubes, where the tools coexisting in the same domain can interact. To better
understand this concept, look at the Figure 47 carefully.

Download 2,32 Mb.

Do'stlaringiz bilan baham: