Are Chatty Apps Killing your WAN? (by Tim O'Neill)
OSTU - hrPING QuickStart Part 2 (by Tony Fortunato & Peter Ciuffreda)

Why Encrypt Virtual Machines (by Joke Snelders)

Joke_snelders Author Profile - My name is Joke (pronounced \yō-kə\ or Joan for those who do not speak Dutch). During the day, I work as a secretary for a non-profit organization providing assisted living for mentally handicapped people in the south of The Netherlands. In my spare time I like to use Wireshark. I find it interesting and necessary to monitor my home network to see what is going on. As a user I like to answer questions at the Wireshark Mailing List.

What is in it for me? Well, I learn a great deal whenever I try to solve real-world problems. I am also a member of the NGN (the Dutch Network User's Group). I write articles about how to use Wireshark and the command line tools. And if there is still some spare time left, I like to go biking in the woods near my hometown with my husband and fellow geek.


Virtual machines
It's great to use virtual machines.
VMware Server is free.
You can use virtual machines for different operating systems, e.g. Windows 7 RC or Linux distros.
Or install a virtual machine, make a copy and use the virtual machine for different software, different applications, different...whatever.
If it does not work the way you want, delete the virtual machine and start all over again with a fresh copy.
Virtual machines are so easy to copy...

But what if the virtual machine contains sensitive data?

01_2_d2_sensitive_1

You don't want a copy of your virtual machine on someone else's pc.

VMware Disk Mount Utility
VMware Server uses virtual disk files (.vmdk) as disk drives for virtual machines.
Anyone can use the free VMware Disk Mount Utility (VMware), a command line program, to mount the .vmdk files. This utility can mount virtual disk files from a lot of operating systems. At the moment it cannot mount Windows Vista, Windows 7 and Windows Server 2008 virtual disk files.

The VMware Disk Mount Utility (VMware) is easy to use.
vmware-mount /? displays usage information

After installing the utility you can mount the virtual disk with a simple command:
vmware-mount [driveletter:] [path-to-virtal-disk] [options]

It is easy to browse and copy the contents.

VMware_disk_mount_utility

VMware DiskMount
If you want to mount Windows Vista or Windows Server 2008 virtual disk files, you can use VMware DiskMount (vmxbuilder).
At the moment these utilities cannot mount Window 7 virtual disk files.

The disk mount tools were developped for the ease of use. You don't have to start the virtual machines, but you can mount the virtual diskfile, browse the contents and copy some files for your own use.
But the problem is, when someone else gets hold of your virtual diskfiles, they can do the same.

A solution to this problem is to encrypt your virtual machines.

TrueCrypt
TrueCrypt is open-source disk encryption software.
Main features are:
Creates a virtual encrypted disk within a file and mounts it as a real disk.
Encrypts an entire partition or storage device such as USB flash drive or hard drive.
Encrypts a partition or drive where Windows is installed (pre-boot authentication).
Parallelization and pipelining allow data to be read and written as fast as if the drive was not encrypted.
Provides plausible deniability, in case an adversary forces you to reveal the password:
Hidden volume (steganography) and hidden operating system.
Encryption algorithms: AES-256, Serpent, and Twofish. Mode of operation: XTS. 

It is free;-) and well documented.

Install TrueCrypt on the virtual machine.
Launch TrueCrypt, choose Create Volume.
The Volume Creation Wizard will take you through all of the necessary steps to encrypt entire system drive.

I want to underline the following steps:
Before TrueCrypt encrypts the whole disk, it will create a rescue disk. You have to write the TrueCrypt Rescue Disk.iso to cd or dvd, otherwise you cannot proceed. In VMware server you can use Daemon Tools Lite (free for personal use) to mount the iso. After the disk is verified, you move to the next step.

System Encryption Pretest.
TrueCrypt verifies that everything works correctly. If the pretest has been successfully completed, you can start to encrypt your disk.

Pre-boot authentication.
This is handled by the TrueCrypt Boot Loader, which resides in the first track of the boot drive and on the TrueCrypt Rescue Disk. So keep your Rescue Disk cd or Rescue Disk iso in a safe place.
Next time you (or anyone else) wants to boot the virtual machine you have to enter the correct password before the operating system starts:

TrueCrypt_Boot_Loader
There is something to keep in mind.
When you create a new virtual Windows XP machine with for instance a disk size of 25GB and you don't allocate all the disk space at once, you will end up with a 2GB .vmdk file.
After encrypting the .vmdk file is as big as 25GB, because TrueCrypt also encrypts the unallocated space.

After the disk is encrypted you cannot mount the virtual disk file with VMware Disk Mount Utility (VMware): 

VMware_mount

You can mount the .vmdk file with VMware DiskMount (vmxbuilder), but when you try to browse it an error message pops up:
The disk in drive … is not formatted. Do you want to format it now? 

Windows_Explorer


Keep in mind…

It is easier to copy a virtual machine to a USB flash drive then to walk away with a real pc.

Take good care of your sensitive data and stay happy.


Continue reading other exclusive posts by Joke Snelders »

Comments