Open Source

Security Tools: Sun's VirtualBox

Using Sun Microsystems' VirtualBox, Linux security tools and threat testing can be executed on a Windows platform. And the cost is right. VirtualBox is an open-source solution.

Security analysts often use Linux-based tools to scan network segments, systems, or test Web services thought to be hostile to Windows systems. Some are challenged by the potential cost of maintaining two systems—one with the ubiquitous and business approved Windows implementation, and one running Linux. But cost shouldn't be a problem with the availability of open-source virtual desktop solutions, like Sun Microsystems' VirtualBox.

Tired of supporting two laptops, I decided last week to look for an open-source desktop VM solution. There are several, but I settled on VirtualBox. It's backed by Sun, comes with a detailed easy to follow 213 page manual, and received good marks from its users. Using VirtualBox and Ubuntu 8.04, I had Linux operational on my Dell XPS system—running Windows XP SP2 as host OS—in less than an hour.

I started by downloading and installing VirtualBox. It was an .MSI file, and installed without incident. When installation was complete, VirtualBox opened the Window shown in Figure 1.

 

Figure 1: VirtualBox Welcome Window

Figure 1: VirtualBox Welcome Window

To start building a virtual Linux machine, I clicked on the New icon. This initiated a wizard that walked through the VM build, starting with the virtual environment's name and OS. As shown in Figure 2, I entered Test Image and selected Ubuntu from a drop-down list.

 

Figure 2: Naming the VM

Figure 2: Naming the VM

Clicking Next brought me to the RAM definition window, shown in Figure 3. You can use the slide bar or type in the amount of memory to set aside for Linux. I entered 256 MB to see how well Ubuntu performed in a virtual environment with minimal resources.

Figure 3: Defining Memory Use

Figure 3: Defining Memory Use

Finally, VirtualBox asked what kind of virtual drive I wanted. It supports two types that are described in the manual as follows:

  • A dynamically expanding file will only grow in size when the guest actually stores data on its virtual hard disk. It will therefore initially be small on the host hard drive and only later grow to the size specified as it is filled with data.
  • A fixed-size file will immediately occupy the file specified, even if only a fraction of the virtual hard disk space is actually in use. While occupying much more space, a fixed-size file incurs less overhead and is therefore slightly faster than a dynamically expanding file.

I chose a fixed-sized file, selected a path for the virtual drive file, and set the size as shown in Figure 4. A .VDI file was created on my Seagate USB drive. I then accepted it as the VM boot drive, as displayed in Figure 5.

Figure 4: Setting Disk Size

Figure 4: Setting Disk Size

Figure 5: Boot Hard Drive Selection

Figure 5: Boot Hard Disk Selection

This was the final step. My virtual machine, sans an OS, was created and displayed in the VirtualBox management window. See Figure 6. Details about the VM's configuration are shown on the right. The only thing left to do was to an an OS to the VM.

Figure 6: Management Screen

Figure 6: VM in Management Window

I had already created an install CD using the Ubuntu .ISO file. I placed it in my CD-ROM drive, clicked Settings at the top of the management window, and mounted my CD drive to the VM, as shown in Figure 7.

Figure 7: Mounting CD

Figure 7: Mounting CD

I closed the drive mounting window and clicked Start to initiate VM boot. Since no OS existed on the virtual drive, and the VM is configured by default to use the CD drive as a secondary boot device, Ubuntu immediately loaded. I followed the basic Ubuntu process to install it into the VM. Everything installed as expected. I exited the VM and clicked Start again from the VirtualBox management window. Ubuntu loaded perfectly from the virtual drive. I had a Linux-based VM on my Windows XP laptop. Figure 8 shows the Microsoft Web site displayed in the Linux Firefox application, on top of the host systems IE8 (beta) display of the Ubuntu site.

Figure 8: FireFox in VM

Figure 8: FireFox in VM

As I began experimenting with my Linux VM, I noticed some irritating issues. For example, mouse movement problems were frustrating, and the VM would not display in full window mode. A little digging in the manual uncovered the solution.

Sun provides "guest additions" to smooth out challenges like I was having. After I installed the appropriate guest additions for Linux, all problems disappeared. Running Linux in the VM was no different than running it as the host system. I did notice that I needed more memory for some of the tasks I have planned. This was an easy change.

The configuration of the VM is modified by clicking Settings in the management window. The configurable devices and services are listed in the settings window, shown in Figure 9. I changed the base memory size to 512 and restarted the VM. No issues. Memory constraints gone. It was that easy.

Settings.jpg

Figure 9: Memory Re-config

Figure 9: Memory Re-config

I haven't tested everything, but so far this is exactly what I was looking for. Free, easy to setup, easy to maintain, and stable—so far.

About

Tom is a security researcher for the InfoSec Institute and an IT professional with over 30 years of experience. He has written three books, Just Enough Security, Microsoft Virtualization, and Enterprise Security: A Practitioner's Guide (to be publish...

Editor's Picks

Free Newsletters, In your Inbox