I use bridged networking, public ip address is the same, now i understand.
Is it possible for an intruder/hacker to hack into my guest but not my host?
I don't know much at all about networking and hacking.
Or if it is the same IP, and network, will the intruder see both my host and my guest?
How does it work?
Securtiy question in relation to the guest
-
BillG
- Volunteer
- Posts: 5106
- Joined: 19. Sep 2009, 04:44
- Primary OS: MS Windows 10
- VBox Version: VirtualBox+Oracle ExtPack
- Guest OSses: Windows 10,7 and earlier
- Location: Sydney, Australia
Re: Securtiy question in relation to the guest
If you are using bridged networking behind a NAT router, both your host and guest behave as if they were two separate PCs on the same private network (as far as the networking software is concerned). They both have private IP addresses and cannot be seen directly from the Internet. As far as security is concerned, the guest is no more or less protected than the host, or any other machine on your private network. If you want more info on the security of machines behind NAT, enquire in a networking or security forum. It is not really a VirtualBox issue.
Bill
-
nxnlvz
- Posts: 28
- Joined: 16. Dec 2008, 07:45
- Primary OS: Solaris
- VBox Version: VirtualBox+Oracle ExtPack
- Guest OSses: Widnows (XP,7,8) / Linux (Debian, Unbuntu) / MacOS (Lion)
Re: Securtiy question in relation to the guest
For simplicity sake what Bill says is correct.
In addition to this based on what you asked in another post there is this. Both your host and your Guest are on a private network behind a firewall / router. This more or less means that incoming security problems will be less for both. Assuming you have not forwarded some ports, you will have to initiate something from either the guest or the host. Clicking a link. Downloading something. Making some sort of connection to something outside on the the internet.
To further enhance security on the guest you will want to:
-make all your shared folders read-only
-make your shared clipboard host->guest only.
-turn off your remote display for the guest.
-If you are really worried then you can make the guest disk immutable.
There are some other avenues to breach the guest container but they become more esoteric and almost impossible if you are not on the private network or have access to the physical machine. It is more possible just to crash the host forcing a reboot but that is tough to do. Of course remember that the guest is acting like a computer on your network especially if it is in bridged networking mode. If your other computers are wide open and the guest is able to reach out and touch those computers it is just as bad as a real one having a problem.
In addition to this based on what you asked in another post there is this. Both your host and your Guest are on a private network behind a firewall / router. This more or less means that incoming security problems will be less for both. Assuming you have not forwarded some ports, you will have to initiate something from either the guest or the host. Clicking a link. Downloading something. Making some sort of connection to something outside on the the internet.
To further enhance security on the guest you will want to:
-make all your shared folders read-only
-make your shared clipboard host->guest only.
-turn off your remote display for the guest.
-If you are really worried then you can make the guest disk immutable.
There are some other avenues to breach the guest container but they become more esoteric and almost impossible if you are not on the private network or have access to the physical machine. It is more possible just to crash the host forcing a reboot but that is tough to do. Of course remember that the guest is acting like a computer on your network especially if it is in bridged networking mode. If your other computers are wide open and the guest is able to reach out and touch those computers it is just as bad as a real one having a problem.