I am looking to join the warzone hosted by overthewire.org using an Ubuntu VM hosted in VirtualBox on Windows 10. I posted here a few days ago asking whether or not others on the warzone could use my VM to compromise my host machine and/or my home network. Here is the answer by multithr3at3d:
Yes, if your VM is accessible to other participants, it could potentially be attacked and/or compromised. Once the VM is compromised, it can trivially be used to attack the rest of your network.
While this may not be likely for a default install with no services running, be careful what services you expose (if any). Like the site says, a properly configured firewall should prevent most issues.
I responded saying that I would try to contact overthewire's community, which did not work.
What do I need to do in order to set this up? I presume I need a firewall on the host machine. Are there any extra layers of protection I can add on without forking out cash for paid antivirus?
After more research, I found the term for what I want: I want to stop a VM escape.
To clarify the structure of this system:
They host a VPN network. I have my home machine on my home network hosting a Virtual Machine. I log into my virtual machine and connect the VM to their network.
From what I understand, anyone to whom I connect with my VM can see my IP address. Once others in the warzone have gotten malware onto my VM, how can I prevent them from attacking my host machine and my network?
