is it increasing your internet security in terms of privacy/tracking/fingerprinting, if you are surfing with your web browser in a virtual machine enviroinment (virtual box + vpn)? Instead of surfing from your normal windows operating system...
Or is a virtual machine not helping you in fingerprinting cases? I just want to understand if you can use a virtual machine as a additional privacy tool and if yes, on what aspects would it have an impact (ip address, virus infections, fingerprinting, etc.)?
Thanks
When you're hosting a VM on your local machine, it may share the same IP as your host, as far as the outside world is concerned. Most hypervisors allow you to change how it obtains an IP address, but in typical configs it will only change on your local network, which is probably NATed behind a single address provided by your ISP. A VPN is a good way to change that, and you can configure that either inside or outside the VM, though ideally you'd no want to be sharing an IP with your host system.
Using a VM can help against fingerprinting because you can be running a different browser in a different OS in your VM than on your host system - but that instance itself can be tracked/fingerprinted, so it may be a good idea to rotate through a series of different configurations (or use a browser plugin that randomises some settings, such as reported browser version, OS, installed fonts, etc), and to throw away changes in your VM each time you use it, which will eliminate even the hardest of "supercookies" that might try to track you.
Unless your hypervisor is compromised (this has happened in the past, but it's rare), the VM itself will provide good protection from malware - for example Windows malware will have no effect on a Linux VM, and vice versa - and any malware that does infect your VM is contained by the sandbox that the VM provides - and you can simply reset it to return to a known-clean state, or throw it away and start again.
Related
is there a way to connect a dvr tuner to a Plex Server hosted in Hyper-V?
I have searched but could not find a Question about this topic.
My build is a Win22 Datacenter Server running Plex in Hyper-V. A Hauppauge dualHD is connected to the Win22 Datacenter Server via USB.
Thanks for your help!
Current Answer
I'm updating my answer as I didn't realize it was a tuner and not a DVR box connected to your TV.
From what I'm seeing online, your best bets are:
use Enhanced Session Mode to connect the device over RDP (which only supports some devices)
use a third-party tool such as Donglify (this is from results on Google. Buy at your own digression) to allow USB passthrough
use a Type 2 hypervisor (VirtualBox, VMware) to run your instance of Plex instead
run Plex outside of Hyper-V on the same system with a sandboxed user
run Plex on another device entirely, such as a Raspberry Pi.
I can't help with the first, as it requires some gpedit.msc magic I cannot do, or second as I have never used one.
3rd option will reduce program speeds which may cause slowdown if multiple people stream at once.
4th option is my personal recommendation, as you bypass the need to use a hypervisor entirely and keep on the same device.
5th is only good if you use a USB-based drive and have a decent bit of experience with Linux.
Old Answer
Kept for the sake of archival.
You'll want to use Powershell and the Add-NetNatStaticMapping cmdlet to allow inbound connections to the Hyper-V server. This will need a vNAT adapter set up. See the linked blog post (not mine) if you need help with that, too.
Assuming the vEthernet connection has an internal IP of 192.168.10.2 and a NAT network name of NATSwitch, with Plex on the default port of 32400:
Add-NetNatStaticMapping -ExternalIPAddress "0.0.0.0/24" -ExternalPort 32400 -Protocol TCP -InternalIPAddress "192.168.10.2" -InternalPort 32400 -NatName NATNetwork
You will most likely need to replace the internal IP, port, and NAT name.
After this is set up, you'll need to point your DVR to the IP of the Windows Server box.
Sites referenced:
Plex support page on ports to forward
A GitHub user's blog, specifically a post on port forwarding
I am using VmWare Workstation 14 and when I install an operating system (any of them) some programs and apps are able to identify that I am using a virtual machine.
I have seen the vm is using virtualized devices that are really named virtual. like for example VmWare Network Card or etc. Is there any way to install fake real like hardware drivers on these virtual machines? Can this simple change make the app see this vm as a real machine?
How to make this virtual machine appear as a real machine to applications?
Is there really any way?
This was asked as a yes-or-no question so my answer is:
Yes... probably. But it's a lot of work.
There's a 2006 presentation by Tom Liston and Ed Skoudis that talks about this: https://handlers.sans.org/tliston/ThwartingVMDetection_Liston_Skoudis.pdf
It focuses on VMware, but some of it would also apply to other types of Virtual Machine Environments (VMEs).
In summary, they identify as many things as they can find that would allow VM detection, which would each have to be addressed, and they also mention some VMware-specific mitigations for them.
VME artifacts in processes, file system, and/or Windows registry. These would include the VMtools service and "over 50 different references in the file system to 'VMware' and vmx" and "over 300 references in the Registry to 'VMware'", all of which would have to be deleted or changed.
VME artifacts in memory. Specific regions of memory tend to be different in guests (VMs) than hosts, namely the Interrupt Descriptor Table (IDT), Global
Descriptor Table (GDT), and Local Descriptor Table (LDT). The method by which the VM is built may allow these to appear the same in guests as they do in hosts.
VME-specific virtual hardware. This would include the drivers you mention like VmWare Network Card. The drivers would have to be removed or replaced with drivers that do not match the names or code signatures of any virtual drivers. Probably easiest to do on an open-source system, simply by modifying the driver source code and build.
VME-specific processor instructions and capabilities. Some VMEs add non-standard machine language instructions, or modify the behaviour of existing instructions. These can be changed or removed by editing the VME source code, at the cost of convenient host-guest interaction.
VME differences in behaviour. A VM might respond differently on the network, or fail at time synchonization. This could be mitigated with additional source code changes (on both host and guest) to make the network traffic look closer to normal, and providing sufficient CPU cores to the VM would help make sure it does not run more slowly than wall clock time.
Again this is from 2006, so if anyone has a more up-to-date reference, I'd love to see their answer.
I am wondering if there is any way to get VMware Player to blink or show a message in the window title or perform some similar notifying action whenever there is some activity inside the guest operating system.
I run a Windows VM on a Linux box. If I am working on the host OS and an email or IM or any notification appears on a window inside the Windows VM, there is no way for me to be notified of that in the host OS. I am wondering if there is any practical solution to this or if this is an intrinsic limitation of virtualization. Any thoughts? Thanks.
This is an intrinsic limitation of type 2 virtualization, if you're able to get out the virtual machine it means something went wrong in terms of security.
BUT, you can still solve your problem. Both the host and the VM are connected to the Internet (and sometimes connected on the same internal network). You have a common resource, so they can communicate. The easiest solution in your example is to use an external notification service like pushbullet (if you don't mind it to be hosted elsewhere) or pushjet (if you want to self host).
I am currently on a mac using the pre-installed Apache server.
Now I need to cross-browser test some websites, and therefore I need to access my pages on some other computers. How can I make my localhost-sites accessible for other computers on my WiFi (without uploading to another server)?
Thanks in advance.
Apache server's default configuration should allow other computers (even ones not on your local network) to access whatever it's serving up.
You can access your server from another machine by using the IP address of your server. You can find the IP address of your server by finding a console (this works in Windows and Mac machines) and typing in "ipconfig". (For linux machines, it's "ifconfig".)
On Windows machines that we own it's possible to change a MAC address to a pre-assigned value. But is it possible to set the MAC address on EC2 Windows machines to a pre-assigned value?
Here is the problem:
We provide a virtual lab/training/evaluation environment that runs off Amazon EC2. Every so often a customer wants to run licensed software (that they own!) in the cloud, but the licensing component requires a fixed MAC address to exist.
But it's unclear what happens in EC2 if we tweak with the MAC address, especially after a reboot or snapshot of the machine. One big issue I see is that if we take a snapshot of a machine with a fixed MAC, and then launch multiple copies of it, then each copy will, in theory, have the same MAC address. Obviously a routing issue.
But still, it's unclear what happens or if the underlying virtualization stack simply generates random MACs every time a machine is launched.
Of-course, I would love to hear about other workarounds if you have ideas..
You can use an EC2 instance in a VPC and attach an Elastic Network Interface to it.
ENI is like an additional network card that have fixed IP address (internal and external) and fixed MAC address.
More about ENI in AWS site.
Unfortunately there's no good workaround here. EC2 does not allow any manipulation of the MAC address on an instance.