
Can guest infect host/other guest even in sandbox?

Posted: 27. May 2014, 20:13
by johnsnowjustcame
I'm going to be running VBOX on Server 2008. I will have two Linux Guests and one Windows 7 Guest. One Linux and the Windows 7 Guest are to manage an appliance via a crossover cable and the same goes for the second Linux guest. Both appliances receive data from a span port on the back side of a DMZ. Each appliance will have its own NIC on the server. Before I decide to deploy this setup, I have one simple question. Let's say even though this is essentially a sandbox environment - if one of these guests were to be infected, is there any chance that the infection could jump from the guest to the host or guest to guest even though everything is logically separated and using NAT? Everything will be hardened, no shared folders, or shared clipboards, antivirus, firewalls, etc. Just my first time using a virtual machine/network and curious if this is possible. Thanks.

Re: Can guest infect host/other guest even in sandbox?

Posted: 28. May 2014, 16:55
by scottgus1
Nothing with the bad guys is a certainty. There's always a possibility they might be able to get across from guest to host, but the possibilities can be limited.

If each guest has its own NIC and the host has its own NIC, and the host doesn't have any access through the guest NICs, and the guests are kept away from the host NIC, you might be OK.

If you allow the host to access the guests' networks through the guest NICs, or attach the guest to the NIC the host uses in any way, even through NAT, the guest might (in the first case) or would (in the second case) be able to access the host's network and put things on the host or on other things on the host's network.

Re: Can guest infect host/other guest even in sandbox?

Posted: 30. May 2014, 18:13
by noteirak
Let's keep it simple: if you allow any kind of network connection, you risk infection. Simple as that.
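
Added example, not part of any post in this thread: a Python check that reads the output of `VBoxManage showvminfo <vm> --machinereadable` and lists the guest-to-host links the thread discusses (NAT or other host-facing attachments, a NIC bridged to an adapter the host also uses, shared clipboard, shared folders). The sample output, the adapter names and the `host_adapters` parameter are constructed assumptions; confirm the key names against your VirtualBox version.

```python
import re

# Constructed sample in the key="value" form printed by
# `VBoxManage showvminfo <vm> --machinereadable`; not from a real host.
SAMPLE = """name="linux-mgmt-1"
nic1="nat"
nic2="bridged"
bridgeadapter2="Appliance NIC A"
nic3="bridged"
bridgeadapter3="Host LAN"
nic4="none"
clipboard="bidirectional"
draganddrop="disabled"
SharedFolderNameMachineMapping1="transfer"
SharedFolderPathMachineMapping1="D:/transfer"
"""

# Attachment modes that pass guest traffic through the host's own network stack.
HOST_FACING = {"nat", "natnetwork", "hostonly"}

def parse(text):
    """Turn key="value" lines into a dict."""
    return dict(re.findall(r'^(\w+)="?(.*?)"?[ \t\r]*$', text, re.M))

def audit(text, host_adapters):
    """List settings that link the guest to the host.
    host_adapters: adapters the host itself uses (supplied by the operator)."""
    cfg, findings = parse(text), []
    for key, mode in sorted(cfg.items()):
        m = re.fullmatch(r"nic(\d+)", key)
        if not m:
            continue
        n = m.group(1)
        if mode in HOST_FACING:
            findings.append(f"nic{n}: '{mode}' attachment goes through the host")
        elif mode == "bridged" and cfg.get(f"bridgeadapter{n}") in host_adapters:
            findings.append(f"nic{n}: bridged to adapter the host also uses")
    for key in ("clipboard", "draganddrop"):
        if cfg.get(key, "disabled") != "disabled":
            findings.append(f"{key}: {cfg[key]}")
    for key, val in sorted(cfg.items()):
        if key.startswith("SharedFolderNameMachineMapping"):
            findings.append(f"shared folder: {val}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE, {"Host LAN"})))
```

An empty result only means none of these configured links are present; it says nothing about the hypervisor itself.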