I have a lot of free time at work, but never engage in personal browsing or organizing personal files because I’m on my work laptop.
I’m now setting up a new laptop which will enable me to do my own things without compromising my privacy. This will be my first time using Virtual Machines.
My plan is to create two virtual machines, A and B.
A = For work. Here I work on work-related documents and use work Gmail. The internet will be connected to work WiFi.
B = For personal stuff. Here I organize personal files and do personal browsing. The internet will be connected to my phone hotspot.
Will this adequately prevent my work from accessing my personal files and/or seeing my browsing history? Also, I have a VPN on my phone. Will I need to download a VPN again in VM B to prevent my phone ISP from seeing what I’m doing?
If it is the latter, you shouldn’t install anything which is not approved by your IT. If you use VPN, IT will not see your web traffic but they will know that you are connecting to a VPN. They can also install their own network security app on your work computer, which allows them to control and monitor all the traffic.
My suggestion is, don’t use your work computer for your personal purposes, or get a written approval from IT and HR.
We can bring our own device or use a work-provided one. I use the work-provided one for privacy. But now I want to do my own browsing, so I am setting up my own device.
@pinkandwhite I intend on bringing a personal laptop to work and keeping work and personal stuff entirely separate. My question is whether setting up two virtual machines is an effective way of doing this.
Also, I use Linux Mint. I’m not sure if another distribution will offer a meaningful advantage.
Security-wise: You can’t know for sure if the VM boundary is enough of a protection on a Host (laptop) provisioned by the owner (assuming the owner here is a mutually untrusted party for either Guests, VM A or VM B).
This is on a personal laptop, so the host is “provisioned” by @Uzbeki_Vulture, and I would assume they trust themself.
I mean sure, it would likely work to achieve your goal of two isolated “computers” on a single physical host. The main thing you need to make sure is that you have WiFi on the laptop connected to your work WiFi and your phone hotspot connected via USB so you can actually connect to both networks and pass through both separately to the guest VMs.
If your question is, does the VPN on the phone apply to anything connected via the hotspot? The answer is no, mostly. I’m sure someone will jump in to correct me with the cases where it does carry over to the hotspot.
Still confused why you can’t just take two laptops to work though? That’d be the simplest and most effective if your goal is isolating work and personal.
The answer is a definite no on both Android and iOS. By design, no traffic from devices connected to the hotspot gets routed through the host’s VPN. There is no way around this fact, so if you want the connected devices to use a VPN, then they need to be configured with their own VPN.
Sorry, I should have been clearer. By “owner”, I meant the provider that holds the keys to Root-of-Trust (see).
Practically, one needn’t worry about adversaries at that level. Security-wise, it may matter anyway (as in the case of Android wrt DRM or on-device compilation of updatable AOSP components: ex ART).