Hi. I have gone through the documentation the last couple of weeks and I am looking at making a 1 page printable reference sheet without fluff on how to secure as much as possible a virtual windows 7 machine going through a whonix gateway. I may have missed something because there is so much stuff and it is extremely confusing for me with all the pages on things like transparent proxies, isolating proxies and stream isolation, can someone confirm if this is correct? I know for sure I am missing how to “Secure Distributed Network Time Synchronization”, there is no documentation.
-Download Whonix Gateway from: https://www.whonix.org/wiki/Download
-Import Whonix gateway into VirtualBox. Do not change any settings when importing!
-Boot into Whonix Gateway and change password:
The default username is: user
The default password is: changeme
Login as root:
Change root and user password:
and follow the instructions.
-Make Windows 7 VirtualBox: VirtualBox -> Machine -> New -> Next -> Enter Name “Windows 7” -> Enter Operating System and Version -> Next -> define RAM -> Next -> create a new hdd -> Next -> disk format doesn’t matter, VDI works fine however -> Next -> dynamically or fixed size is a matter of preference -> Next hdd size and location is a matter of preference -> Next -> Create.
-Choose the newly created VM and change these settings:
Settings -> System -> Motherboard -> Hardware Clock in UTC
System -> Processor -> Enable PAE/NX if available
Network -> Adapter 1 -> attached to Internal Network (Important!)
Network -> Adapter 1 -> Name (of Internal Network) (Important!): Whonix
(Note: It’s Whonix, not whonix. Case sensitive. Capital W.)
USB -> uncheck Enable USB controller -> OK.
Do not enable Shared Folders
Do not enable video acceleration
Do not enable Serial Port
Do not install VirtualBox Guest Additions
Remove Floppy drive
Remove CD/DVD drive
Do not attach USB devices
Do not enable Remote Display server
Do not enable IO APIC, EFI?
-Install Windows 7 with the following settings:
computer name: host
Network in Control Panel -> Network and Sharing Center: click on “Change adapter settings” Right-click on local area connection > properties In property window: double-click Internet Protocol Version 4, use the following settings:
IP address 192.168.0.50
Subnet netmask 255.255.255.0
Default gateway 192.168.0.10
Preferred DNS server 192.168.0.10
-Disable Windows 7 from synchronizing time with microsoft time servers.
-Disable Virtualbox clipboard sharing and Drag and Drop.
-Install Tor Browser in Windows.