I have read many times that vulnerable virtual machines like Metasploitable, Damn Vulnerable Linux, and DVWA should never be exposed to the network. Why? So when I practice with these vulnerable VMs, should I disconnect myself from the internet?
Please share with me.
Just configure the VMs as host-only so only your computer can communicate with them. The reason is that a network is only as robust as its weakest link, and those VMs are pretty weak. An attacker could use a vulnerable VM as a pivot point to engage attacks against your inner network, and it’s likely you will expose systems in other ways. All sorts of reasons to do it this way.
Another reason: if you go into a more research role later (like, say, malware analysis), you’ll now have bad habits to break. You might leak data to people you’re looking into and make yourself a target.
There is also always a chance you’ll typo something and, instead of attacking your VM, attack another system on your network. If you have a dedicated network without internet access, that’s not so much of a problem. However, if you have boxes on the network that need to stay up…
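An added example, not part of the original thread: one way to check that a lab VM really is host-only before booting it. It assumes VirtualBox (the thread names no hypervisor) and parses the text produced by `VBoxManage showvminfo <vm> --machinereadable`; the sample dump, the VM name and the allowlist of isolated modes are constructed for illustration.

```python
import re

# Attachment modes that keep traffic on the host or between VMs only
# (assumed lab policy; anything not listed here is treated as exposed).
ISOLATED_MODES = {"none", "null", "hostonly", "intnet"}

# Matches lines such as nic1="bridged" or cableconnected1="on".
LINE_RE = re.compile(r'^(nic|cableconnected)(\d+)="([^"]*)"$')

def audit_nics(showvminfo_text):
    """Return {nic_index: (mode, exposed)} for every NIC in the dump."""
    nics = {}
    for line in showvminfo_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            key, idx, value = m.group(1), int(m.group(2)), m.group(3)
            nics.setdefault(idx, {})[key] = value
    report = {}
    for idx, fields in sorted(nics.items()):
        mode = fields.get("nic", "none")
        # A NIC whose virtual cable is unplugged carries no traffic.
        unplugged = fields.get("cableconnected") == "off"
        report[idx] = (mode, mode not in ISOLATED_MODES and not unplugged)
    return report

def is_isolated(showvminfo_text):
    """True only if no NIC can reach the LAN or the internet."""
    return not any(exposed for _, exposed in audit_nics(showvminfo_text).values())

# Constructed sample: one host-only NIC plus a forgotten bridged NIC.
SAMPLE_EXPOSED = '''name="metasploitable2"
nic1="hostonly"
hostonlyadapter1="vboxnet0"
cableconnected1="on"
nic2="bridged"
bridgeadapter2="eth0"
cableconnected2="on"
nic3="none"
'''
# Same VM after moving the second NIC to an internal network.
SAMPLE_ISOLATED = SAMPLE_EXPOSED.replace('nic2="bridged"', 'nic2="intnet"')

if __name__ == "__main__":
    for idx, (mode, exposed) in audit_nics(SAMPLE_EXPOSED).items():
        print(f"nic{idx}: {mode:<9} {'EXPOSED' if exposed else 'ok'}")
```

The check fails closed: an attachment mode it does not recognise is reported as exposed rather than assumed safe.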