user_Security.xml revision ac153c99053f1edf42b00bf3a13475923bc4fcf1
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync<!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.4//EN"
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync"http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd">
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync <para>The following features of VirtualBox can present security
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync problems:<itemizedlist>
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync <para>Enabling 3D graphics via the Guest Additions exposes the host
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync to additional security risks; see <xref
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync </listitem>
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync <para>When teleporting a machine, the data stream through which the
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync machine's memory contents are transferred from one host to another
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync is not encrypted. A third party with access to the network through
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync which the data is transferred could therefore intercept that
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync data.</para>
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync </listitem>
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync <para>When using the VirtualBox web service to control a VirtualBox
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync host remotely, connections to the web service (through which the API
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync calls are transferred via SOAP XML) are not encrypted, but use plain
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync HTTP. This is a potential security risk! For details about the web
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync service, please see <xref linkend="VirtualBoxAPI" />.</para>
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync </listitem>
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync <para>All traffic sent over an UDP Tunnel network attachment is not
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync encrypted. You can either encrypt it on the host network level (with
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync IPsec), or use encrypted protocols in the guest network (such as
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync SSH). The security properties are similar to bridged Ethernet.</para>
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync </listitem>
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync <para>The following components of VirtualBox can use passwords for
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync authentication:<itemizedlist>
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync <para>When using the VirtualBox extension pack provided by Oracle
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync for VRDP remote desktop support, you can optionally use various
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync methods to configure RDP authentication. The "null" method is
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync very insecure and should be avoided in a public network.
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync See <xref linkend="vbox-auth" /> for details.</para>
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync </listitem>
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync <para>When using teleporting, passwords can optionally be used to
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync protect a machine waiting to be teleported from unauthorized access.
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync Note however that these passwords are stored <emphasis
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync role="bold">unencrypted</emphasis> in the machine configuration XML
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync and therefore potentially readable on the host. See <xref
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync </listitem>
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync <para>When using remote iSCSI storage and the storage server
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync requires authentication, a password can optionally be supplied with
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync the <computeroutput>VBoxManage storageattach</computeroutput>
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync command. Note however that this is stored <emphasis
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync role="bold">unencrypted</emphasis> in the machine configuration and
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync is therefore potentially readable on the host. See <xref
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync </listitem>
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync <para>When using the VirtualBox web service to control a VirtualBox
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync host remotely, connections to the web service are authenticated in
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync various ways. This is described in detail in the VirtualBox Software
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync Development Kit (SDK) reference; please see <xref
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync </listitem>
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync <para>The following components of VirtualBox use encryption to protect
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync sensitive data:<itemizedlist>
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync <para>When using the VirtualBox extension pack provided by Oracle
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync for VRDP remote desktop support, RDP data can optionally be
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync encrypted. See <xref linkend="vrde-crypt" /> for details. Only
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync the Enhanced RDP Security method (RDP5.2) with TLS protocol
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync provides a secure connection. Standard RDP Security (RDP4 and
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync RDP5.1) is vulnerable to a man-in-the-middle attack.</para>
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync </listitem>