Topic: Regarding Vulnerable Practice Vm's
skorpinok
« on: October 19, 2012, 09:53:36 PM »

Hello,
I have read many times that when using vulnerable virtual machines like Metasploitable, Damn Vulnerable Linux, and DVWA, they should never be exposed to the network. Why? So when I practice with these vulnerable VMs, should I disconnect myself from the internet?
Please share with me.

Regards
skorpinok
tturner
« Reply #1 on: October 19, 2012, 10:10:44 PM »

Just configure the VMs as host-only so only your computer can communicate with them. The reason is that a network is only as robust as its weakest link, and those VMs are pretty weak. An attacker could use a vulnerable VM as a pivot point to engage attacks against your inner network, and it's likely you will expose systems in other ways. All sorts of reasons to do it this way.
« Last Edit: October 19, 2012, 10:12:52 PM by tturner »

Certifications:
CISSP, CISA, GPEN, GWAPT, GAWN, GCIA, GCIH, GSEC, OPSE, CSWAE, CSTP, VCP

WIP: OSWP, GSSP-JAVA, GXPN

Udacity on hold, again. I suck.

http://sentinel24.com/blog  @tonylturner http://bsidesorlando.org
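
One way to check the host-only advice above, as an added example that is not part of the original thread: it assumes the VMs run under VirtualBox (the thread names no hypervisor) and audits the text printed by `VBoxManage showvminfo <vm> --machinereadable`. The sample dumps and the function name `audit_vm` are constructed for illustration.

```python
import re

# VirtualBox attachment modes that keep a guest off the LAN and the internet.
# Anything else (nat, bridged, natnetwork, unknown values) is reported: fail closed.
ISOLATED_MODES = {"none", "null", "hostonly", "intnet"}

NIC_LINE = re.compile(r'^nic(\d+)="([^"]*)"\s*$')   # nic1="hostonly", not nictype1=...
NAME_LINE = re.compile(r'^name="([^"]*)"\s*$')


def audit_vm(showvminfo_text):
    """Return (vm_name, findings); findings lists (nic_number, mode) for every
    adapter whose attachment mode can reach beyond the host."""
    name, findings = "<unknown>", []
    for line in showvminfo_text.splitlines():
        line = line.strip()
        m = NAME_LINE.match(line)
        if m:
            name = m.group(1)
            continue
        m = NIC_LINE.match(line)
        if m and m.group(2).lower() not in ISOLATED_MODES:
            findings.append((int(m.group(1)), m.group(2).lower()))
    return name, sorted(findings)


# Constructed sample dumps (not captured from a real system).
SAMPLE_OK = '''name="Metasploitable"
nic1="hostonly"
nictype1="82540EM"
hostonlyadapter1="vboxnet0"
nic2="none"
'''
SAMPLE_BAD = '''name="DVWA"
nic1="nat"
nic2="bridged"
bridgeadapter2="eth0"
nic3="hostonly"
hostonlyadapter3="vboxnet0"
'''

if __name__ == "__main__":
    for dump in (SAMPLE_OK, SAMPLE_BAD):
        vm, bad = audit_vm(dump)
        if bad:
            print(f"[EXPOSED] {vm}: " + ", ".join(f"nic{n}={m}" for n, m in bad))
        else:
            print(f"[ok] {vm}: all adapters isolated")
```

Run it before each practice session; a VM with one host-only adapter and a leftover NAT or bridged adapter is still reachable from, and can reach, the wider network.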
chrisj
« Reply #2 on: October 20, 2012, 01:32:04 PM »

tturner's got some good points.

Another reason: if you go into a more research role later (like, say, malware analysis), you'll now have bad habits to break. You might leak data to people you're looking into and make yourself a target.

There is also always a chance you'll typo something and, instead of attacking your VM, attack another system on your network. If you have a dedicated network without internet access, not so much a problem. However, if you have boxes on the network that need to stay up...

OSWP, Sec+