In section 5 in Volume 1 of the course, you advise choosing the Bridge Networking option when setting up your VM. Does this not open security issues with that VM though? For example, if you had Metasploitable installed as a VM, does Bridge Networking leave that VM and all it’s vulnerabilities open to getting hacked thus leaving your whole network susceptible? Is it not safer to use a NAT network in this instance?
Hi @donovansi, metasploitable is a test VM. It is just for people to try to get access to it. It is built for being hacked. If you make it NAT, then it will not be accessible by other VMs. The other way of accessing metasploitable VM is to do ssh to the VM from your base machine.
In conclusion, yes, doing a bridge makes the VM vulnerable and also your base system vulnerable if the VM has any malicious program. You should know when to do a bridge and when to do NAT. For metasploitable type of VM or any other vulnerable VMs from vulnhub or similar sites, doing bridge is good. But if you have any VM that has some malware that you are analyzing, then it is not acceptable to do bridge; otherwise, it can infect your base machine.
Thanks a lot for your reply and for the information.
I have a few further questions:
I should have been more clear. I meant a ‘NAT network’ not ‘NAT’ setup. If metasploitable is a test VM in a ‘NAT network’ setup then it is accessible by other VM’s in that ‘NAT network’. Is this correct?
I’m still a little confused about when it is a good idea to use bridge though. Here’s my understanding of what bridge is. Please feel free to correct me about where I’m misunderstanding anything.
Bridge asks the routers DHCP service for a unique IP from the pool, 10.0.0.0/24 for example, and assigns that IP to the VM instance. This VM is now visible to your host machine, hosts of the physical network and external networks, correct? Now, if metasploitable was running as that VM instance and got breached, because of it’s built in vulnerabilities by something or someone externally, could the attacker theoretically somehow pivot to other physical hosts on the physical network and infect those as well? If, so why would you open your network to such vulnerabilities using bridge.
My understanding may be completely off the mark. Please correct me where needed.
If metasploitable is in a NAT network and if you want other VMs to access it, then you have to set the other VM also in that NAT network.
I was not clear in my previous answer. Let me explain in detail about the adaptors. NAT uses an internal IP route other than your physical network, Bridge will use your physical network’s route IP, and Host-Only makes use of a virtual interface that includes your base machine and all the VMs. Now, if you want any of the VMs to talk to other systems in your network, then do it on Bridge. If you don’t want the VMs to interact with other systems on the network, then do NAT.
Now, coming to our case (i.e., running malicious VMs), you should do it on Host-only. With this, the other VMs (on Host-Only) can interact with your malicious VM along with your host machine but not any other systems on your physical network.
Note: If you are using Virtual Box, then you have to create another network adaptor and set it to NAT for it to access the Internet. In the case of VMWare, it automatically runs in a NAT network, and you don’t have to change anything, just set the network adaptor to Host-Only.