Hey everyone! I'm in the process of setting up a couple of VMs—one with Windows 11 and another with Linux Mint—for some security testing like investigating suspicious email links. We're currently planning to put these on a guest WiFi network for isolation. Management is looking for an extra layer of security since we're already using a non-admin account on the Windows machine.
In my previous job at a hospital, we had a dedicated second internet connection for these kinds of tasks. I was thinking of a more budget-friendly solution: if we just use a commercial VPN service (like PIA) on the host system, will that ensure that the VMs won't have any access to our internal network unless they break out of the VM? I'm not super confident in my networking knowledge, so I'd love to hear your thoughts!
5 Answers
Have you considered using a service like any.run instead? It sounds like you're trying to create a sandbox environment, but the right service can do this much better and more securely. Our sandbox is physically separate from any corporate networks and designed for maximum safety against mishaps.
It really depends on your compliance requirements. An isolated VM on guest WiFi can be fairly safe, but adding a VPN can indeed help protect your WAN IP. Non-admin credentials are good, but true air-gapping would be the safest way forward if that's a possibility.
Oh no, using just a VPN isn’t enough. While a VPN routes your traffic through their servers, local traffic might still slip through unchecked. Plus, how do you ensure the VPN is always connected? It’s a gamble.
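One way to check the point above about local traffic slipping past the tunnel, as an added example that is not part of this thread: the script applies the kernel's longest-prefix-match rule to a host's `ip route` table and reports which internal hosts would be reached over the physical interface instead of the VPN. It assumes the VMs use the host's NAT networking (so they inherit the host's routing decisions); the route lines, the `tun0`/`eth0` names and the 192.168.1.0/24 office subnet are constructed sample values.

```python
import ipaddress

# Constructed sample of `ip route` output from a host running a full-tunnel
# commercial VPN (tun0) while still attached to the office LAN on eth0. The VPN
# pushes 0.0.0.0/1 and 128.0.0.0/1 to cover "all" traffic, but the kernel keeps
# the more specific connected route for the local subnet, which wins.
SAMPLE_ROUTES = """\
0.0.0.0/1 via 10.8.0.1 dev tun0
default via 192.168.1.1 dev eth0 proto dhcp metric 100
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.5
128.0.0.0/1 via 10.8.0.1 dev tun0
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.42 metric 100
"""


def parse_routes(text):
    """Turn `ip route` lines into (network, device, metric) tuples."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if not parts or "dev" not in parts:
            continue
        dst = "0.0.0.0/0" if parts[0] == "default" else parts[0]
        net = ipaddress.ip_network(dst, strict=False)
        dev = parts[parts.index("dev") + 1]
        metric = int(parts[parts.index("metric") + 1]) if "metric" in parts else 0
        routes.append((net, dev, metric))
    return routes


def egress_interface(routes, ip):
    """Longest-prefix match, ties broken by lowest metric, as the kernel does."""
    addr = ipaddress.ip_address(ip)
    matches = [r for r in routes if addr in r[0]]
    if not matches:
        return None
    best = max(matches, key=lambda r: (r[0].prefixlen, -r[2]))
    return best[1]


def lan_leaks(routes, internal_cidr, vpn_dev="tun0", sample=3):
    """Return (host, device) pairs whose traffic would bypass the VPN tunnel."""
    net = ipaddress.ip_network(internal_cidr)
    leaks = []
    for host in list(net.hosts())[:sample]:
        dev = egress_interface(routes, host)
        if dev != vpn_dev:
            leaks.append((str(host), dev))
    return leaks
```

Feed it the real `ip route` output from the host (or from inside the Linux VM) with your office subnet to see whether that traffic actually rides the tunnel; in the sample, internet-bound 8.8.8.8 goes via tun0 while every office host goes out eth0.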
Honestly, it sounds like a risky setup. Even with a little bit of isolation, the way you describe it is still too connected to your main network for comfort. This doesn’t really achieve true air-gapping, which is important for safely clicking on potentially harmful links.
Absolutely don't do this. There are free options like Cuckoo Sandbox that can give you more data and are far more secure. Ideally, you should run this on an isolated cloud VM that isn't linked to your regular infrastructure at all.

But how do you actually investigate things if it's air-gapped? It seems counterproductive.