Friday, April 21, 2023

[New post] Towards a work setup on a hardened host and doing everything in VMs

The Wiert Corner - irregular stream of stuff

Towards a work setup on a hardened host and doing everything in VMs

jpluimers

Apr 21

SwiftOnSecurity posted this interesting tweet in 2021: [Archive] SwiftOnSecurity on Twitter: "Lenovo P1 Gen3 with 12core Xeon, 64GB RAM, two 1TB M.2 SSDs. Running Windows Server 2022 with the Hyper-V role. All hardening applied to host OS, almost nothing happens here except managing guest VMs. On the second SSD I then have Win10 VMs joined to the corporate domain." / Twitter.

I wonder if a similar setup can be done using an Apple M1 based machine as host and running all work in virtual machines.

Swift had some issues getting cameras and microphones to work: [Archive] SwiftOnSecurity on Twitter: "The problem here is Teams. If I want to pass through my webcam and microphone that could get a bit dicey, despite HyperV Enhanced Session being essentially an RDP session. For now I'm using my phone for Teams microphone. Also I'm not sure how well thermal management will work...." / Twitter

This resulted in some answers and interesting links:

  • [Archive] Mitchell J. Skurnik on Twitter: "@SwiftOnSecurity Lookup RemoteFX webcam or something like that. I've done it before with other USB devices." / Twitter
    • RemoteFX - Wikipedia
    • [Wayback/Archive] RemoteFX webcam - Google Search
    • [Wayback/Archive] remote desktop webcam redirection - Microsoft Q&A
    • [Wayback/Archive] RemoteFX USB Webcam Redirection [2021 Complete Guide]
  • [Archive] JD116 on Twitter: "@SwiftOnSecurity It's doable, but the last time I tried it I found that you have to restart Teams after connecting with RDP for it to recognize a webcam connected via RDP. Just make sure you have the camera selected in the local resources tab & set remote audio to record for your local PC." / Twitter
  • [Archive] Leo on Twitter: "@SwiftOnSecurity I did something very similar for years. Hyper-V device passthrough was absolutely the worst sticking point, with Hyper-V networking management close behind (stop making new adapters!)" / Twitter (I remember the wireless and wired networks of the host not being able to be on the same client network in the days I wrote about P2V of an existing XP machine to Hyper-V, to have an emergency fallback when retiring old XP physical machines, whereas this is a no-brainer to get working on VMware; not much has changed on the Hyper-V side since then)

Some more interesting tweets in that thread:

  • [Archive] 🐀 on Twitter: "@SwiftOnSecurity Are you using the Opal or other HW encryption features that the SSD offers for data 'at rest' (ie SSD is powered off)?" / Twitter
    • [Archive] SwiftOnSecurity on Twitter: "@TommyTenacious Bitlocker" / Twitter
  • [Archive] SwiftOnSecurity on Twitter: "The host laptop will then be joined to a completely separate "Red Forest" in AzureAD so it can be a fully-secured management point for Out-Of-Band communications in event of a total corporate compromise. It will be the bootstrap of the entire IT recovery." / Twitter
    • [Archive] Jimmy on Twitter: "@SwiftOnSecurity How do you deal with the red forest management ? Host OS is the PAW?" / Twitter ([Wayback/Archive] Privileged Access Management in Windows Server)
      • [Archive] SwiftOnSecurity on Twitter: "@michkisan Yeah." / Twitter
      • [Archive] Jimmy on Twitter: "@SwiftOnSecurity Making that part work for more than couple of individuals .. at enterprise level, proved to be impossible for us" / Twitter
      • [Archive] SwiftOnSecurity on Twitter: "@michkisan Yes. This will be one of a few just for the specialized domain" / Twitter
  • [Archive] Nyarlohotep rises on Twitter: "@SwiftOnSecurity I have a P1G3, and the thermals are atrocious. Ended up disabling boost via the power management settings to limit the CPU to 99%. Laptop sits tented on my desk with two external displays. If it wasn't a work-issued machine, I'd take it apart and repaste the CPU cooler" / Twitter
  • [Archive] Vincent Milum Jr on Twitter: "@SwiftOnSecurity Dunno bout Hyper-V, but VMWare Workstation will most likely allow those devices to be passed into the guest OS." / Twitter
    • [Archive] bbdd333 on Twitter: "@SwiftOnSecurity @DarkainMX Not that you need both for this project, but can Hyper-V and VMWare coexist on the same machine? I don't think they could last time I tried." / Twitter
  • [Archive] SwiftOnSecurity on Twitter: "The host laptop will then be joined to a completely separate "Red Forest" in AzureAD so it can be a fully-secured management point for Out-Of-Band communications in event of a total corporate compromise. It will be the bootstrap of the entire IT recovery." / Twitter
    • [Archive] SwiftOnSecurity on Twitter: "Every empire needs its capital city. " / Twitter

    • [Archive] Mirko Schnellbach 🇪🇺 on Twitter: "@SwiftOnSecurity Win11 has Hyper-V and probably better power management / driver support for laptop class HW. Why install Server?" / Twitter
    • [Archive] SwiftOnSecurity on Twitter: "@MadMirko Less junk overhead I'd need to rip out or disable. I could do a comparison still we'll see" / Twitter

--jeroen

http://wiert.me/2023/04/21/towards-a-work-setup-on-a-hardened-host-and-doing-everything-in-vms/
