Chapter 13. Security considerations

Table of Contents

13.1. Potentially insecure operations
13.2. Authentication
13.3. Encryption

13.1. Potentially insecure operations

The following features of VirtualBox can present security problems:

  • Enabling 3D graphics via the Guest Additions exposes the host to additional security risks; see Section 4.4.1, “Hardware 3D acceleration (OpenGL and Direct3D 8/9)”.

  • When teleporting a machine, the data stream through which the machine's memory contents are transferred from one host to another is not encrypted. A third party with access to the network through which the data is transferred could therefore intercept that data.

  • When using the VirtualBox web service to control a VirtualBox host remotely, connections to the web service (through which the API calls are transferred via SOAP XML) are not encrypted, but use plain HTTP. This is a potential security risk! For details about the web service, please see Chapter 11, VirtualBox programming interfaces.