different workgroup = not vulnerable?

frankyk

If I'm running a virtual machine on my computer, and my VM is in workgroup MSHOME and I'm in workgroup HOME:

If I unleash a few viruses (just to play around with to see what they do), would they be able to snoop into the HOME workgroup?

I.e., are the computers using my internet connection vulnerable if they are in a different workgroup?
 
Different workgroups on the same network segment make using Network Places more difficult. That's about it. Has zero security value. As suggested, just disable the VMNic on the Virtual Machine. It's then isolated.
 
Workgroups are only an old (and relatively useless) method of visually organizing your network in Network Neighborhood/My Network Places. It has absolutely nothing to do with access, rights, permissions. Many people think computers need to be in the same workgroup in order for them to access each other/share files/etc. That is absolutely not true...at all.

It's only a visual way of organizing network neighborhood...so that you have "groups" of computers. Kind of a useless thing really. In order to "see" other computers that are in "other" workgroups than your own...you have to double click up a layer..then double click into the workgroup you wish to see..then you can see members of that workgroup. But as far as being able to access computers in other workgroups...the rules are the same as if they were in your own workgroup. You can still always get to them via \\computername-or-ip address\c$.... without leaving your workgroup...and that's all a virus/worm/trojan cares about.
 
If you really want to do this safely....

Don't do it!


j/k :)


But if you must then:
Put together a smoothwall, m0n0wall, pfsense, etc. router from an old P2 or P3.

Then you can build your network on completely isolated segments, where the router won't even let the segments know the other segments exist.

So the experimental machine will be in a DMZ and able to get to the internet and the rest of the network will be protected.

I'm running a pfsense router on a P3 Cellery 950MHz and I love it. And I've only got about $100.00 in it.



 
If I was to approach this...and needed internet access for this guinea pig machine...I'd VLAN it. Or double-NAT it..stick it behind another router.
 
actually, this is one of the things you SHOULD be using vmware for. i think people are not reading the post entirely. firewalling and routing is not going to help. the virtual machine and his real machine share the same NIC. there is no way to segment them.

the best thing to do is disable the bridged adapter when you do this. if you want to see how the virus might spread through a network, set up another VM and put that one and the current VM on the same VMNet. just make sure it is NOT the VMNet set for bridged mode (shared network with your real computer).
 
big daddy fatsacks said:
actually, this is one of the things you SHOULD be using vmware for. i think people are not reading the post entirely. firewalling and routing is not going to help. the virtual machine and his real machine share the same NIC. there is no way to segment them.

the best thing to do is disable the bridged adapter when you do this. if you want to see how the virus might spread through a network, set up another VM and put that one and the current VM on the same VMNet. just make sure it is NOT the VMNet set for bridged mode (shared network with your real computer).


I agree with you.
But to me playing with viruses/trojans/etc is kind of like juggling live hand grenades.

Something that shouldn't be done where I live!


I've just spent almost 5 days trying to get rid of the latest variant of "spy falcon/spyaxe/" or whatever you want to call it. It was so new that none of the latest spyware tools would even identify it. They would only find the other crap it would download. It would even use zlob and a couple of other viruses and corrupt downloads of spyware removal tools.

That's why I suggested the Hardened DMZ thing.

Because no matter how you set up VMware, sooner or later a file from that VM will end up on your local hard drive. And when that happens, I'd rather have to only deal with fixing 1 computer than my entire network.

Just my 0.02 cents.

 
big daddy fatsacks said:
actually, this is one of the things you SHOULD be using vmware for. i think people are not reading the post entirely. firewalling and routing is not going to help. the virtual machine and his real machine share the same NIC. there is no way to segment them.

I understood it..what I'm talking about ...is using an entirely different computer. In which case, double NAT'ing to another subnet, or VLANing, would indeed do the job.

He's talking about possibly using VMware..that's one subject. And he also talked about other computers on his network..and ability of things to spread across a network. That's another subject..the one my VLANing and/or double NAT'ing addressed.
 
YeOldeStonecat said:
I understood it..what I'm talking about ...is using an entirely different computer. In which case, double NAT'ing to another subnet, or VLANing, would indeed do the job.

He's talking about possibly using VMware..that's one subject. And he also talked about other computers on his network..and ability of things to spread across a network. That's another subject..the one my VLANing and/or double NAT'ing addressed.

'Cat,
Looks like me and you are the only ones suggesting trying to quarantine a possible infection before it starts.

Well, at least we're in good company! :D

 
use a completely separate computer not connected to anything but a monitor and keyboard :D
 
rodsfree said:
Because no matter how you set up VMware, sooner or later a file from that VM will end up on your local hard drive.

..................................... ?
 
it's all too risky...

I say, get an old HDD and use it for the test OS, and never have both HDDs powered on at the same time.. no matter what OS you're booting..
 
yeah, i'm a doofus :rolleyes: go read up on vmware, and then get back to me.

rodsfree said:
'Cat,
Looks like me and you are the only ones suggesting trying to quarantine a possible infection before it starts.

Well, at least we're in good company! :D

 
YeOldeStonecat said:
Workgroups are only an old (and relatively useless) method of visually organizing your network in Network Neighborhood/My Network Places. It has absolutely nothing to do with access, rights, permissions. Many people think computers need to be in the same workgroup in order for them to access each other/share files/etc. That is absolutely not true...at all.

It's only a visual way of organizing network neighborhood...so that you have "groups" of computers. Kind of a useless thing really. In order to "see" other computers that are in "other" workgroups than your own...you have to double click up a layer..then double click into the workgroup you wish to see..then you can see members of that workgroup. But as far as being able to access computers in other workgroups...the rules are the same as if they were in your own workgroup. You can still always get to them via \\computername-or-ip address\c$.... without leaving your workgroup...and that's all a virus/worm/trojan cares about.

It's not that useless on large networks, although AD seems to take away that capability. I liked being able to hit individual workgroups to see who was on, quick visual inventory of what systems were running at the time.

It's easier to find 1 computer out of a workgroup of 25 in a network of 300+ than 1 computer in a workgroup of 300+. Nice in the Windows 2000 days as well, it took Win2K too long to poll the network, 98 was much faster in those days. Of course I wasn't running AD back then, still NT 4.0 domain.
 
Malk-a-mite said:
..................................... ?

The Windows VMs automatically set up networking. Just like a normal Windows install.

The only way to prevent it is to remove the virtual NIC from the VM before your OS install.
Then you wouldn't be able to connect to the internet to get all those interesting viruses.

And even then you can copy and paste from the VM's window to the Host machine. Which, can't be disabled - IIRC.

So yeah, eventually a file from the VM will make its way onto the host.

big daddy fatsacks said:
yeah, i'm a doofus go read up on vmware, and then get back to me.

I didn't say that you were a doofus.
And I'm currently building various VMs using the New VMware Server Beta. Using a lot of different OSes.

And in every case, that I've found, there remains the possibility of an open network connection between the host and the VM. Hell, Fedora Core 5 automatically installs a Samba server that will reach out and touch every subnet that the virtual NIC can possibly reach. Unless, you DMZ that bitch behind a serious firewall.

If you know how to COMPLETELY isolate that VM and maintain an internet connection without double NATing it or something equally obscure - then I'd really like to know.
 
rodsfree said:
The only way to prevent it is to remove the virtual NIC from the VM before your OS install. Then you wouldn't be able to connect to the internet to get all those interesting viruses.

Or you could get the virus then disable the NIC. Might not be the best solution, but works well enough in VPC (pause, save state, whatever that option is...).

rodsfree said:
And even then you can copy and paste from the VM's window to the Host machine. Which, can't be disabled - IIRC.

http://www.vmware.com/pdf/server_vm_manual.pdf
Page 127

"To turn off this feature — to prevent accidental copying and pasting from one environment to another — change your preferences. Choose Edit > Preferences. On the Input tab, clear the Enable copy and paste to and from virtual machine check box."
 
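An added example, not part of any post in this thread: a small Python audit of a VMware `.vmx` file for the two host-exposure paths discussed above, a bridged (or NAT) virtual adapter and copy and paste between guest and host. The sample config is constructed; the key names (`ethernetN.connectionType`, `ethernetN.vnet`, `isolation.tools.copy.disable`, `isolation.tools.paste.disable`), the bridged default for a missing `connectionType`, and `VMnet2` as the isolated network are assumptions to check against your VMware version.

```python
import re

# Constructed sample .vmx content for illustration (not taken from the thread).
SAMPLE_VMX = '''\
displayName = "malware-lab"
ethernet0.present = "TRUE"
ethernet0.connectionType = "bridged"
ethernet1.present = "TRUE"
ethernet1.connectionType = "custom"
ethernet1.vnet = "VMnet2"
ethernet2.present = "TRUE"
isolation.tools.copy.disable = "TRUE"
'''

LINE = re.compile(r'^\s*([\w.:]+)\s*=\s*"(.*)"\s*$')

def parse_vmx(text):
    """Return {lowercased key: value} for every key = "value" line."""
    cfg = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            cfg[m.group(1).lower()] = m.group(2)
    return cfg

def audit_vmx(text, isolated_vnets=("vmnet2",)):
    """List settings that let the guest reach the host's LAN or clipboard."""
    cfg = parse_vmx(text)
    findings = []
    nics = sorted({k.split(".")[0] for k in cfg if re.match(r"ethernet\d+\.", k)})
    for nic in nics:
        if cfg.get(nic + ".present", "FALSE").upper() != "TRUE":
            continue  # adapter removed or disabled: nothing to flag
        # Assumption: a missing connectionType means bridged.
        ctype = cfg.get(nic + ".connectiontype", "bridged").lower()
        vnet = cfg.get(nic + ".vnet", "").lower()
        if ctype in ("bridged", "nat"):
            findings.append(f"{nic}: {ctype} adapter shares the host's network")
        elif ctype == "custom" and vnet not in isolated_vnets:
            findings.append(f"{nic}: custom vnet '{vnet}' not known to be isolated")
        # "hostonly" is not flagged here, but the guest can still reach the host.
    for op in ("copy", "paste"):
        if cfg.get(f"isolation.tools.{op}.disable", "FALSE").upper() != "TRUE":
            findings.append(f"clipboard {op} between guest and host is enabled")
    return findings

if __name__ == "__main__":
    for finding in audit_vmx(SAMPLE_VMX):
        print("FINDING:", finding)
```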