|
Title: Regarding Vulnerable Practice Vm's Post by: skorpinok on October 19, 2012, 09:53:36 PM Hello,
I have read many times that when using vulnerable virtual machines like Metasploitable, Damn Vulnerable Linux, & DVWA that it should never be exposed to network, why ? so when i practice with these vulnerable vm's should i disconnect myself from internet ? please share with me. Regards skorpinok Title: Re: Regarding Vulnerable Practice Vm's Post by: tturner on October 19, 2012, 10:10:44 PM Just configure the VM's host only so only your computer can communicate with them. The reason is that a network is only as robust as it's weakest link and those VM's are pretty weak. An attacker could use a vulnerable VM as a pivot point to engage attacks against your inner network, and it's likely you will expose systems in other ways. All sorts of reasons to do it this way.
Title: Re: Regarding Vulnerable Practice Vm's Post by: chrisj on October 20, 2012, 01:32:04 PM tturner's got some good points.
Another reason, if you go in to a more research role later (like say malware analysis), you'll now have bad habits to break. You might leak data to people you're looking into and make yourself a target. There is also always a chance you'll typo something and instead of attacking your vm, attacking another system on your network. If you have a dedicated network, without internet access not so much a problem. However, if you have boxes on the network that need to stay up...
Powered by SMF 1.1.18 |
SMF © 2013, Simple Machines
Joomla Bridge by JoomlaHacks.com |