1

Is there any merit in installing a virtual machine with OpenBSD and pf (or any other simple and secure OS + iptables) on a Mac laptop and routing all the traffic through that machine? I read about a similar setup for corporate laptops running Windows (I think I read this in BSD magazine). They claim that Windows machines are too hard to secure and if you are taking them into the wild (public wireless, hotels, ...) you'd better put a secure OS in between! If you think this is a good idea, how do you route all the traffic on a Mac through the virtual machine and prevent any application or service from going out directly? I am not sure if just setting the gateway will do that. What about DNS? You don't want anybody to fool you with DNS cache poisoning or similar attacks either.

Ali

1 Answer

1

DNS cache poisoning is a separate issue from having a VirtualBox firewall, neither of which will encrypt your internet session. I think you want to use an SSH tunnel to a trusted server, as this will protect you from local DNS poisoning attacks (but 'they' might still attack your trusted server :-)

In my opinion, and with my resources, it is much easier to run an SSH tunnel to one of my trusted servers, and then access the internet through that (to protect myself from a hostile WLAN).

Also, I think on OSX you should have more than capable services to do firewalling: isn't there a pf or iptables app for your version of OSX?

DutchUncle
  • Thank you. That is correct, I didn't mean it to be a replacement for VPN/tunneling, and again you are right that Mac OS X has its own firewall (which I believe is based on iptables). For Windows machines the idea was not to expose them to the wild, so that even when there is a remotely exploitable vulnerability no one can use it, because you are behind a non-Windows firewall that is usually more under your control. For Macs there are still not that many remote holes being published, but I wanted to know if a paranoid person (!) would do that! – Ali Jan 15 '11 at 14:42
  • As much as I love OpenBSD: if users believe they need to run Windows or legacy apps, I think it makes more sense to run OSX or Free/PCBSD as the host OS and Windows in a VirtualBox session, rather than an OpenBSD firewall on a Windows host. Also, Wine can do an amazing job these days. – DutchUncle Jan 15 '11 at 15:35
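
One way to combine the SSH tunnel recommended in the answer with the question's requirement that nothing leaves the laptop directly, as an added example that is not part of the original posts: a fail-closed pf ruleset that permits only DHCP and SSH to the trusted server, so local DNS queries are blocked and names are resolved at the far end of the tunnel. It assumes a Mac OS X release that ships pf; the interface `en0`, the server address `203.0.113.10`, the SOCKS port `1080` and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: generate a fail-closed pf ruleset for an SSH SOCKS tunnel.
# Assumed values (not from the page): en0, 203.0.113.10, SOCKS port 1080.

# Accept only a dotted-quad IPv4 address so nothing else lands in the ruleset.
is_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# Print the ruleset for interface $1 and trusted SSH server $2.
gen_ruleset() {
    ext_if=$1; server=$2
    case $ext_if in ''|*[!a-z0-9]*) echo "bad interface: $ext_if" >&2; return 1 ;; esac
    is_ipv4 "$server" || { echo "bad server address: $server" >&2; return 1; }
    cat <<EOF
set skip on lo0
block drop all
pass out quick on $ext_if proto udp from any port 68 to any port 67
pass in quick on $ext_if proto udp from any port 67 to any port 68
pass out quick on $ext_if proto tcp from any to $server port 22 keep state
EOF
}

# Typical use (commented out so that sourcing this file changes nothing):
#   gen_ruleset en0 203.0.113.10 > /tmp/tunnel-only.conf
#   sudo pfctl -nf /tmp/tunnel-only.conf   # parse only, do not load
#   sudo pfctl -ef /tmp/tunnel-only.conf   # replace the active ruleset and enable pf
#   ssh -N -D 127.0.0.1:1080 -o ExitOnForwardFailure=yes user@203.0.113.10
#   curl --socks5-hostname 127.0.0.1:1080 https://example.org/   # DNS done by the server
```

Because outbound port 53 is blocked, `ssh` must be given the server's IP address rather than a hostname, and only applications pointed at the SOCKS proxy with remote name resolution will reach the network; everything else fails closed instead of leaking onto the hostile WLAN.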