Hi Workstation group,
I'm using Workstation 9 on a Win7Pro box to set up several Win- and Linux-based guests. I'm using the guests as study platforms for learning about netsec / ethical hacking. My goal is to make the guests sandboxed areas where I can test things without too much worry about affecting the host.
My question is: how do I set up my host / guests in such a way that I'm maximizing protection of the host environment? I don't mind if I do something to compromise the guests (download viruses / malware, etc.), but I need to keep my host clean. I know that it is a bad idea to set up shares between the two, but other than that I don't know what to watch out for. Specifically I'm wondering:
- should I disable drag and drop / copy and paste between host and guest?
- if I run a vpn service within the guest, is the host protected from malicious traffic?
- what is the best network config for the guests (bridged, host-only, NAT)? I do need net access from within the guests, and possibly access from guest to guest.
- I've encrypted the vm guests--is there anything else I should do in terms of setting up the disks, procs or memory?
- are there any other security best practices I should consider for setting up a sandbox?
Thanks in advance for any advice!