WEBVTT

1
00:00:00.869 --> 00:00:02.610
<v Instructor>In this demonstration, I want to show you</v>

2
00:00:02.610 --> 00:00:05.460
how you can better secure your virtual machine

3
00:00:05.460 --> 00:00:07.590
from your outside environment.

4
00:00:07.590 --> 00:00:09.900
We're going to do that by using encryption

5
00:00:09.900 --> 00:00:11.550
as well as disabling sharing

6
00:00:11.550 --> 00:00:13.470
between the host operating system,

7
00:00:13.470 --> 00:00:15.450
in my case, the Mac system,

8
00:00:15.450 --> 00:00:17.880
and my Windows 10 virtual machine.

9
00:00:17.880 --> 00:00:19.950
If I don't allow sharing between the two,

10
00:00:19.950 --> 00:00:22.680
that way, even if the Windows machine gets a virus

11
00:00:22.680 --> 00:00:23.880
or some sort of malware,

12
00:00:23.880 --> 00:00:25.740
it can't escape the virtual environment,

13
00:00:25.740 --> 00:00:28.230
and it can't affect my host operating system,

14
00:00:28.230 --> 00:00:29.880
which is the Mac.

15
00:00:29.880 --> 00:00:32.640
So from within VirtualBox on the left side,

16
00:00:32.640 --> 00:00:34.800
you'll have all of your systems listed.

17
00:00:34.800 --> 00:00:36.420
On this one, it's a new install,

18
00:00:36.420 --> 00:00:38.430
and I only have the one Windows 10 machine

19
00:00:38.430 --> 00:00:39.960
that I made earlier.

20
00:00:39.960 --> 00:00:41.550
Now, if you go ahead and click on it

21
00:00:41.550 --> 00:00:43.320
and then click on settings,

22
00:00:43.320 --> 00:00:45.570
you'll have these settings for it.

23
00:00:45.570 --> 00:00:47.670
There's two areas that I want to go through.

24
00:00:47.670 --> 00:00:50.100
The first one is disk encryption.

25
00:00:50.100 --> 00:00:52.860
You have this file on your system

26
00:00:52.860 --> 00:00:55.920
that's holding your entire Windows operating system,

27
00:00:55.920 --> 00:00:57.660
that virtual machine.

28
00:00:57.660 --> 00:00:59.340
So I'm going to go into Finder,

29
00:00:59.340 --> 00:01:02.490
and it's in my VirtualBox VM folder.

30
00:01:02.490 --> 00:01:06.180
In here, I have this one folder that is Windows 10.

31
00:01:06.180 --> 00:01:09.600
And underneath it, you'll see that I have some log files.

32
00:01:09.600 --> 00:01:11.253
I have some configuration files,

33
00:01:12.105 --> 00:01:14.430
which is my VirtualBox settings, and this VDI.

34
00:01:14.430 --> 00:01:18.480
This 9 gigabyte file is the entire hard drive image

35
00:01:18.480 --> 00:01:20.520
of that Windows 10 machine.

36
00:01:20.520 --> 00:01:22.950
And right now it's not encrypted,

37
00:01:22.950 --> 00:01:24.900
and so anybody who got this access

38
00:01:24.900 --> 00:01:26.820
to this machine could get the data

39
00:01:26.820 --> 00:01:28.350
from that Windows machine.

40
00:01:28.350 --> 00:01:29.490
And we don't want that.

41
00:01:29.490 --> 00:01:32.040
So one of the things you want to do is go into VirtualBox

42
00:01:32.040 --> 00:01:33.660
and under your general tab,

43
00:01:33.660 --> 00:01:35.820
there is this disk encryption setting.

44
00:01:35.820 --> 00:01:37.830
You can enable disk encryption.

45
00:01:37.830 --> 00:01:40.650
You can choose which cipher it's going to use,

46
00:01:40.650 --> 00:01:45.650
AES 256 or AES 128. 256 has a higher bit key,

47
00:01:45.660 --> 00:01:46.860
so it's going to be better.

48
00:01:46.860 --> 00:01:49.953
And then you can give it a long strong password.

49
00:01:54.300 --> 00:01:57.570
Something like this is going to give me

50
00:01:57.570 --> 00:02:00.330
a nice, long, 16-character password,

51
00:02:00.330 --> 00:02:02.400
which is a mixture of uppercase, lowercase,

52
00:02:02.400 --> 00:02:04.200
special characters and numbers.

53
00:02:04.200 --> 00:02:06.340
When I click OK, it's going to go through

54
00:02:07.192 --> 00:02:08.670
and encrypt that disk image.

55
00:02:08.670 --> 00:02:11.208
This may take a while on your system

56
00:02:11.208 --> 00:02:12.630
depending on how powerful your system is

57
00:02:12.630 --> 00:02:14.880
because the encryption process does have

58
00:02:14.880 --> 00:02:18.720
to take processing resources and disk access resources.

59
00:02:18.720 --> 00:02:21.780
On my system, this only took about 30 seconds

60
00:02:21.780 --> 00:02:23.820
because we have a very high performant system

61
00:02:23.820 --> 00:02:25.950
using solid state hard drives.

62
00:02:25.950 --> 00:02:28.830
The second thing we want to do is go into our settings

63
00:02:28.830 --> 00:02:31.110
and look at our shared folders.

64
00:02:31.110 --> 00:02:32.700
So right now you can see under disk encryption,

65
00:02:32.700 --> 00:02:35.340
we do have a nice encrypted disk.

66
00:02:35.340 --> 00:02:37.770
And when we go over here to our shared folders,

67
00:02:37.770 --> 00:02:40.380
we don't have any set up right now.

68
00:02:40.380 --> 00:02:42.150
Now here inside the shared folders,

69
00:02:42.150 --> 00:02:44.970
if you add a folder, this will make a connection

70
00:02:44.970 --> 00:02:49.110
between the virtual machine and the host machine.

71
00:02:49.110 --> 00:02:50.970
So in my case, if I want to go ahead and connect

72
00:02:50.970 --> 00:02:55.470
my Mac's desktop folder to this Windows machine,

73
00:02:55.470 --> 00:02:57.630
I can go ahead and hit auto mount,

74
00:02:57.630 --> 00:02:59.850
which will allow me to auto mount this folder

75
00:02:59.850 --> 00:03:02.790
as a shared resource that the Windows machine can get.

76
00:03:02.790 --> 00:03:04.410
You can also do it as read-only,

77
00:03:04.410 --> 00:03:05.970
so it's a one-way transfer

78
00:03:05.970 --> 00:03:08.670
where the Windows machine can read from the Mac,

79
00:03:08.670 --> 00:03:12.120
but the Mac can't read from the Windows machine. Right now,

80
00:03:12.120 --> 00:03:14.610
I have it set up as a two-way share.

81
00:03:14.610 --> 00:03:16.170
We'll go ahead and hit OK.

82
00:03:16.170 --> 00:03:18.770
And I can go ahead and boot up this Windows machine.

83
00:03:22.050 --> 00:03:24.300
Once you go to boot it, because we've set that encryption,

84
00:03:24.300 --> 00:03:27.810
we do have to enter that long strong password each time.

85
00:03:27.810 --> 00:03:28.950
That is decrypting the file

86
00:03:28.950 --> 00:03:31.470
and allowing us to boot up the hard drive.

87
00:03:31.470 --> 00:03:33.960
And now once we're booted up into Windows,

88
00:03:33.960 --> 00:03:37.110
we can click on the folder, we can go to network,

89
00:03:37.110 --> 00:03:39.360
and you'll see there is now this network server

90
00:03:39.360 --> 00:03:41.430
called V box server.

91
00:03:41.430 --> 00:03:44.220
This is what hosts all the shared files and folders.

92
00:03:44.220 --> 00:03:46.290
And so here we can see the desktop folder

93
00:03:46.290 --> 00:03:49.200
that I shared is now sitting there.

94
00:03:49.200 --> 00:03:50.033
And from here,

95
00:03:50.033 --> 00:03:51.900
you can see my Mac desktop is currently empty.

96
00:03:51.900 --> 00:03:53.220
Now if I look at the Mac,

97
00:03:53.220 --> 00:03:55.530
you can see there's nothing on my desktop.

98
00:03:55.530 --> 00:03:57.450
Let's go ahead and make a file here

99
00:03:57.450 --> 00:04:00.305
just to show that we have a connection between the two.

100
00:04:00.305 --> 00:04:01.196
I'm going to go ahead

101
00:04:01.196 --> 00:04:04.320
and create a text document that says "from Windows."

102
00:04:04.320 --> 00:04:05.880
And now if I go back over here,

103
00:04:05.880 --> 00:04:08.190
you'll see "from Windows" is there.

104
00:04:08.190 --> 00:04:09.960
And that two-way connection is dangerous

105
00:04:09.960 --> 00:04:12.030
because if you have a Windows host system

106
00:04:12.030 --> 00:04:14.130
and a Windows virtual machine system,

107
00:04:14.130 --> 00:04:16.260
and you get some sort of a virus or malware

108
00:04:16.260 --> 00:04:18.030
inside the virtual machine,

109
00:04:18.030 --> 00:04:20.790
it can then be transferred to your host computer.

110
00:04:20.790 --> 00:04:22.620
So what I recommend is that

111
00:04:22.620 --> 00:04:24.810
we don't have that connection set up.

112
00:04:24.810 --> 00:04:26.760
So inside of VirtualBox,

113
00:04:26.760 --> 00:04:29.760
I like to go in and delete those connections,

114
00:04:29.760 --> 00:04:33.780
and make sure that this virtual machine stays isolated,

115
00:04:33.780 --> 00:04:36.390
that there is not a connection between the two.

116
00:04:36.390 --> 00:04:38.790
And that is going to give you a little bit more security

117
00:04:38.790 --> 00:04:40.593
when using these virtual machines.

