
Regarding Vulnerable Practice Vm's


skorpinok

Newbie

Posts: 36

Joined: Thu Jun 14, 2012 9:48 am

Post Fri Oct 19, 2012 9:53 pm

Regarding Vulnerable Practice Vm's

Hello,
I have read many times that vulnerable virtual machines like Metasploitable, Damn Vulnerable Linux, and DVWA should never be exposed to the network. Why? So when I practice with these vulnerable VMs, should I disconnect myself from the internet?
Please share with me.

Regards
skorpinok

tturner

Sr. Member

Posts: 435

Joined: Thu Jun 26, 2008 4:50 pm

Post Fri Oct 19, 2012 10:10 pm

Re: Regarding Vulnerable Practice Vm's

Just configure the VMs as host-only so only your computer can communicate with them. The reason is that a network is only as robust as its weakest link, and those VMs are pretty weak. An attacker could use a vulnerable VM as a pivot point to engage attacks against your inner network, and it's likely you will expose systems in other ways. All sorts of reasons to do it this way.
Last edited by tturner on Fri Oct 19, 2012 10:12 pm, edited 1 time in total.
Certifications:
CISSP, CISA, GPEN, GWAPT, GAWN, GCIA, GCIH, GSEC, GSSP-JAVA, OPSE, CSWAE, CSTP, VCP

WIP: Vendor WAF stuff

http://sentinel24.com/blog @tonylturner http://bsidesorlando.org

rattis

Hero Member

Posts: 1172

Joined: Mon Jul 27, 2009 1:25 pm

Post Sat Oct 20, 2012 1:32 pm

Re: Regarding Vulnerable Practice Vm's

tturner's got some good points.

Another reason: if you go into a more research role later (like, say, malware analysis), you'll now have bad habits to break. You might leak data to people you're looking into and make yourself a target.

There is also always a chance you'll typo something and, instead of attacking your VM, attack another system on your network. If you have a dedicated network without internet access, it's not so much of a problem. However, if you have boxes on the network that need to stay up...
OSWP, Sec+
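
A check covering both points raised in this thread (host-only attachment, and a mistyped target hitting another system), added here as an example that is not part of any post. It assumes VirtualBox and the output of `VBoxManage showvminfo <vm> --machinereadable`; the sample output, the lab range and the function names are constructed for illustration.

```python
import ipaddress
import re

# Attachment modes that keep traffic off the physical LAN and the internet.
ISOLATED_MODES = {"none", "null", "hostonly", "intnet"}

# Constructed sample of `VBoxManage showvminfo <vm> --machinereadable` output.
SAMPLE_VMINFO = '''\
name="metasploitable-lab"
nic1="hostonly"
hostonlyadapter1="vboxnet0"
nic2="bridged"
bridgeadapter2="eth0"
nic3="none"
'''

# Assumed lab range; 192.168.56.0/24 is a common VirtualBox host-only default.
LAB_NET = ipaddress.ip_network("192.168.56.0/24")


def exposed_nics(vminfo: str) -> dict:
    """Return {nic_number: mode} for every adapter that is not isolated."""
    found = {}
    # nic<N>="mode" only; keys such as nictype1 do not match the pattern.
    for num, mode in re.findall(r'^nic(\d+)="([^"]*)"', vminfo, re.MULTILINE):
        if mode not in ISOLATED_MODES:
            found[int(num)] = mode
    return found


def in_lab_scope(target: str, lab_net=LAB_NET) -> bool:
    """True only if target parses as an IP address inside the lab network."""
    try:
        return ipaddress.ip_address(target) in lab_net
    except ValueError:
        return False  # hostnames and malformed input count as out of scope


if __name__ == "__main__":
    for nic, mode in exposed_nics(SAMPLE_VMINFO).items():
        print(f"nic{nic} is attached as '{mode}': reachable beyond the host")
    # Second address is the first with two digits transposed.
    for target in ("192.168.56.101", "192.168.65.101"):
        verdict = "ok" if in_lab_scope(target) else "OUT OF SCOPE, refusing"
        print(f"{target}: {verdict}")
```

Run against the real `showvminfo` output before booting a practice VM, and call `in_lab_scope` on any address before pointing a tool at it.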