virtualbox.org

Is there a way to isolate a physical NIC so that it can only be used by a guest machine, without any interaction with the host? I want to set up a guest that I can access remotely across the Internet, but don't want my Host being accessible. So far, I've used a bridged network connection, but the best that seems to do is share the NIC between the host and the guest.

On a related note, I looked for this, but couldn't find an answer: If some-one or -thing penetrated my guest, would they have access to my host machine as well? Is there any documentation on the security best practices for setting something akin to a DMZ for a guest?

Any help would be appreciated. Thanks!

Setup a separate (USB adapter) that the guest uses. wifi or Ethernet. will make access to the guest alone.
Do not use shared folders and firewall the guest from the host.

The NIC is not a USB device, rather, a PCI card. Will this method still work?

No.
VirtualBox can not separate the PCI device from the host. But if you want your guest to work as you said the USB route is your only option and it does work.

If you want to do this with PCI NICs you need two of them. You dedicate one to the host and one to the guest. The guest only NIC has only the bridged networking filter enabled (no access to the host IP stack) while the host only NIC has the bridged networking filter disabled (no access to the guest).