|
Last change
on this file was 109090, checked in by vboxsync, 13 days ago |
|
Docs: bugref:10705. The following commits from doc's team git repo has been applied:
ae80a681fb1658b2e20ff12a36588811c14dfe67 Updated description of network types
4779d5f23ada981651803eb1ab029ae19f3394db Added - Shared Folders can't be used on Arm VMs running Windows
42ff285f84faa143fc53a3678b1a28a0cae68705 Started minor updates to security section
5bb1fe545161ec7211b842952221dee2021a6645 Fixed spacing
86c3d9a9eb8c807907fe3977b100712d8717a0bb Included Vadim's feedback
4117e15a9d3304ed6f011a45ad3d85b1783248bc Minor updates to security guide
67f46d035bca90c2bd0dc518456b5f4734a8f1da Updates from Vadim
|
-
Property svn:eol-style
set to
native
-
Property svn:keywords
set to
Author Date Id Revision
|
|
File size:
2.3 KB
|
| Line | |
|---|
| 1 | <?xml version='1.0' encoding='UTF-8'?>
|
|---|
| 2 | <!DOCTYPE topic PUBLIC "-//OASIS//DTD DITA Topic//EN" "topic.dtd">
|
|---|
| 3 | <topic xml:lang="en-us" id="security-general">
|
|---|
| 4 | <title>General Security Principles</title>
|
|---|
| 5 |
|
|---|
| 6 | <body>
|
|---|
| 7 | <p> The following principles are fundamental to using any application securely.</p>
|
|---|
| 8 | <ul>
|
|---|
| 9 | <li>
|
|---|
| 10 | <p><b outputclass="bold">Keep software up-to-date</b>. One of the principles of good security practise is to keep all software versions and patches up-to-date. Activate the <ph conkeyref="vbox-conkeyref-phrases/product-name"/> update notification to get notified when a new <ph conkeyref="vbox-conkeyref-phrases/product-name"/> release is available. When updating <ph conkeyref="vbox-conkeyref-phrases/product-name"/>, do not forget to update the Guest Additions. Keep the host operating system as well as the guest operating system up-to-date.</p>
|
|---|
| 11 | </li>
|
|---|
| 12 | <li>
|
|---|
| 13 | <p><b outputclass="bold">Restrict network access to critical services.</b> Use proper means, for instance a firewall, to protect your computer and your guests from accesses from the outside. Choosing the proper networking mode for VMs helps to separate host networking from the guest and vice versa.</p>
|
|---|
| 14 | </li>
|
|---|
| 15 | <li>
|
|---|
| 16 | <p><b outputclass="bold">Follow the principle of least privilege.</b> The principle of least privilege states that users should be given the least amount of privilege necessary to perform their jobs. Always execute <ph conkeyref="vbox-conkeyref-phrases/product-name"/> as a regular user. We strongly discourage anyone from executing <ph conkeyref="vbox-conkeyref-phrases/product-name"/> with system privileges.</p>
|
|---|
| 17 | <p> Choose restrictive permissions when creating configuration files, for instance when creating /etc/default/virtualbox, see <xref href="linux_install_opts.dita">Automatic Installation Options</xref>. Mode 0600 is preferred.</p>
|
|---|
| 18 | </li>
|
|---|
| 19 | <li>
|
|---|
| 20 | <p><b outputclass="bold">Monitor system activity.</b> System security builds on three pillars: good security protocols, proper system configuration and system monitoring. Auditing and reviewing audit records address the third requirement. Each component within a system has some degree of monitoring capability. Follow audit advice in this document and regularly monitor audit records.</p>
|
|---|
| 21 | </li>
|
|---|
| 22 | </ul>
|
|---|
| 23 | </body>
|
|---|
| 24 |
|
|---|
| 25 | </topic>
|
|---|
Note:
See
TracBrowser
for help on using the repository browser.
