1
00:00:00,560 --> 00:00:02,610
<v ->In this demonstration, I want to show you</v>

2
00:00:02,610 --> 00:00:05,450
how you can better secure your virtual machine

3
00:00:05,450 --> 00:00:07,590
from your outside environment.

4
00:00:07,590 --> 00:00:09,601
We're going to do that by using encryption

5
00:00:09,601 --> 00:00:11,570
as well as disabling sharing

6
00:00:11,570 --> 00:00:13,480
between the host operating system,

7
00:00:13,480 --> 00:00:15,460
in my case, the Mac system,

8
00:00:15,460 --> 00:00:17,880
and my Windows 10 virtual machine.

9
00:00:17,880 --> 00:00:19,960
If I don't allow sharing between the two,

10
00:00:19,960 --> 00:00:21,930
that way, even if the Windows machine

11
00:00:21,930 --> 00:00:23,880
gets a virus or some sort of malware,

12
00:00:23,880 --> 00:00:25,730
it can't escape the virtual environment

13
00:00:25,730 --> 00:00:28,260
and it can't affect my host operating system,

14
00:00:28,260 --> 00:00:29,900
which is the Mac.

15
00:00:29,900 --> 00:00:32,640
So, from within VirtualBox, on the left side,

16
00:00:32,640 --> 00:00:34,810
you'll have all of your systems listed.

17
00:00:34,810 --> 00:00:36,450
On this one, it's a new install

18
00:00:36,450 --> 00:00:38,440
and I only have the one Windows 10 machine

19
00:00:38,440 --> 00:00:39,566
that I made earlier.

20
00:00:39,566 --> 00:00:41,570
Now, if you go ahead and click on it

21
00:00:41,570 --> 00:00:43,320
and then click on Settings,

22
00:00:43,320 --> 00:00:45,570
you'll have these settings for it.

23
00:00:45,570 --> 00:00:47,680
There's two areas that I want to go through.

24
00:00:47,680 --> 00:00:50,100
The first one is Disk Encryption.

25
00:00:50,100 --> 00:00:52,870
You have this file on your system

26
00:00:52,870 --> 00:00:55,940
that's holding your entire Windows operating system,

27
00:00:55,940 --> 00:00:57,125
that virtual machine.

28
00:00:57,125 --> 00:00:58,996
So, I'm going to go into Finder

29
00:00:58,996 --> 00:01:02,480
and it's in my VirtualBox VM folder.

30
00:01:02,480 --> 00:01:06,190
In here, I have this one folder that is Windows 10,

31
00:01:06,190 --> 00:01:09,610
and underneath it, you'll see that I have some log files,

32
00:01:09,610 --> 00:01:11,100
I have some configuration files,

33
00:01:11,100 --> 00:01:14,450
which is my VirtualBox settings, and this VDI.

34
00:01:14,450 --> 00:01:18,500
This nine gigabyte file is the entire hard drive image

35
00:01:18,500 --> 00:01:20,540
of that Windows 10 machine,

36
00:01:20,540 --> 00:01:22,960
and right now, it's not encrypted

37
00:01:22,960 --> 00:01:25,850
and so anybody who got access to this machine

38
00:01:25,850 --> 00:01:28,350
could get the data from that Windows machine

39
00:01:28,350 --> 00:01:29,480
and we don't want that.

40
00:01:29,480 --> 00:01:32,060
So, one of the things you want to do is go to into VirtualBox,

41
00:01:32,060 --> 00:01:33,670
and under your General tab,

42
00:01:33,670 --> 00:01:35,810
there is this disk encryption setting.

43
00:01:35,810 --> 00:01:37,850
You can enable disk encryption.

44
00:01:37,850 --> 00:01:40,301
You can choose which cipher it's going to use,

45
00:01:40,301 --> 00:01:43,890
AES-256 or AES-128.

46
00:01:43,890 --> 00:01:46,840
256 is a higher-bit key so it's going to be better.

47
00:01:46,840 --> 00:01:49,993
And then you can give it a long, strong password.

48
00:01:54,300 --> 00:01:57,570
Something like this is going to give me

49
00:01:57,570 --> 00:02:00,340
a nice, long, 16-character password,

50
00:02:00,340 --> 00:02:02,380
which is a mixture of uppercase, lowercase,

51
00:02:02,380 --> 00:02:04,190
special characters, and numbers.

52
00:02:04,190 --> 00:02:06,300
When I click OK, it's going to go through

53
00:02:06,300 --> 00:02:08,660
and encrypt that disk image.

54
00:02:08,660 --> 00:02:10,290
This may take a while in your system

55
00:02:10,290 --> 00:02:12,620
depending on how powerful your system is

56
00:02:12,620 --> 00:02:15,340
because the encryption process does have to take

57
00:02:15,340 --> 00:02:18,740
processing resources and disk access resources.

58
00:02:18,740 --> 00:02:21,790
On my system, this only took about 30 seconds

59
00:02:21,790 --> 00:02:23,820
because we have a very high performance system

60
00:02:23,820 --> 00:02:25,970
using solid-state hard drives.

61
00:02:25,970 --> 00:02:27,177
The second thing we want to do

62
00:02:27,177 --> 00:02:31,110
is go into our settings and look at our shared folders.

63
00:02:31,110 --> 00:02:32,720
So right now, you can see under Disk Encryption,

64
00:02:32,720 --> 00:02:35,350
we do have a nice encrypted disk.

65
00:02:35,350 --> 00:02:37,780
And when we go over here to our Shared Folders,

66
00:02:37,780 --> 00:02:40,092
we don't have any setup right now.

67
00:02:40,092 --> 00:02:43,780
Now, here inside the Shared Folders, if you add a folder,

68
00:02:43,780 --> 00:02:47,050
this will make a connection between the virtual machine

69
00:02:47,050 --> 00:02:49,120
and the host machine.

70
00:02:49,120 --> 00:02:50,570
So, in my case, if I want to go ahead

71
00:02:50,570 --> 00:02:55,470
and connect my Mac's desktop folder to this Windows machine,

72
00:02:55,470 --> 00:02:57,640
I can go ahead and hit Auto-mount,

73
00:02:57,640 --> 00:02:59,840
which will allow me to auto-mount this folder

74
00:02:59,840 --> 00:03:02,800
as a shared resource that the Windows machine can get.

75
00:03:02,800 --> 00:03:06,000
You can also do it as read-only so it's a one-way transfer

76
00:03:06,000 --> 00:03:08,670
where the Windows machine can read from the Mac,

77
00:03:08,670 --> 00:03:11,660
but the Mac can't read from the Windows machine.

78
00:03:11,660 --> 00:03:14,620
Right now, I have it set up as a two-way share.

79
00:03:14,620 --> 00:03:15,828
We'll go ahead and hit OK

80
00:03:15,828 --> 00:03:18,553
and I can go ahead and boot up this Windows machine.

81
00:03:22,060 --> 00:03:24,320
Once you go to boot it, because we've set that encryption,

82
00:03:24,320 --> 00:03:27,488
we do have to enter that long, strong password each time.

83
00:03:27,488 --> 00:03:28,970
That is decrypting the file

84
00:03:28,970 --> 00:03:31,480
and allowing us to boot up the hard drive.

85
00:03:31,480 --> 00:03:33,980
And now, once we're booted up into Windows,

86
00:03:33,980 --> 00:03:37,110
we can click on the folder, we can go to Network,

87
00:03:37,110 --> 00:03:39,380
and you'll see there is now this network server

88
00:03:39,380 --> 00:03:41,410
called VBox Server.

89
00:03:41,410 --> 00:03:44,220
This is what hosts all the shared files and folders,

90
00:03:44,220 --> 00:03:47,330
and so here we can see, the desktop folder that I shared,

91
00:03:47,330 --> 00:03:49,220
is now sitting there.

92
00:03:49,220 --> 00:03:51,920
And from here you can see my Mac desktop is currently empty.

93
00:03:51,920 --> 00:03:52,909
Now, if I look at the Mac,

94
00:03:52,909 --> 00:03:55,141
you can see there's nothing on my desktop.

95
00:03:55,141 --> 00:03:57,154
Let's go ahead and make a file here

96
00:03:57,154 --> 00:03:59,920
just to show that we have a connection between the two.

97
00:03:59,920 --> 00:04:01,350
I'm going to go ahead and create a text document

98
00:04:01,350 --> 00:04:04,330
that said From Windows.

99
00:04:04,330 --> 00:04:05,515
And now, if I go back over here,

100
00:04:05,515 --> 00:04:08,200
you'll see From Windows is there.

101
00:04:08,200 --> 00:04:09,960
And that two-way connection is dangerous

102
00:04:09,960 --> 00:04:12,040
because if you have a Windows host system

103
00:04:12,040 --> 00:04:14,130
and a Windows virtual machine system

104
00:04:14,130 --> 00:04:16,290
and you get some sort of a virus or malware

105
00:04:16,290 --> 00:04:18,010
inside the virtual machine,

106
00:04:18,010 --> 00:04:20,790
it can then be transferred to your host computer.

107
00:04:20,790 --> 00:04:21,841
So, what I recommend

108
00:04:21,841 --> 00:04:24,810
is that we don't have that connection set up.

109
00:04:24,810 --> 00:04:26,780
So, inside of VirtualBox,

110
00:04:26,780 --> 00:04:29,710
I like to go in and delete those connections

111
00:04:29,710 --> 00:04:33,760
and make sure that this virtual machine stays isolated,

112
00:04:33,760 --> 00:04:36,370
that there is not a connection between the two,

113
00:04:36,370 --> 00:04:38,790
and that is going to give you a little bit more security

114
00:04:38,790 --> 00:04:40,633
when using these virtual machines.