1

I have seen several tutorials about setting up Virtualbox networks for Kali & vulnerable machines together using the option Internal network, but I have several questions regarding other configurations and the risks for my home network:

  • I would like to have internet connection inside Kali. Usually I would use NAT, but if I also have another connection to vulnerable machines using Internal network, is it secure?

  • For testing and experimenting in my home network (specially local machines), I am thinking of using Bridged. From what I understand, the security of Kali is similar to any other linux OS. Is it true, or the services it runs create a potential risk? (For this case I would not use vulnerable machines connected to Kali via Internal network)

Aurelie Navir
  • 113
  • 3
  • 1
    "Is it secure?" -- from what? – schroeder Nov 15 '21 at 16:00
  • 1
    Kali is very explicit about how weak its set up is. "the services it runs create a potential risk?" -- uh, the entire Kali toolset is about finding and exploiting weaknesses, so, yes, they would pose a risk ... – schroeder Nov 15 '21 at 16:01
  • uhm... since I am a noob trying to learn things I guess my question is too vague. What I am trying to ask is if there is a better way to setup things. My fear is that if I configure it too badly someone from outside could access my network. – Aurelie Navir Nov 15 '21 at 16:10
  • 1
    Sure, only use a fresh install of Kali to test your home network. – schroeder Nov 15 '21 at 16:15
  • Are you trying to ask if bridging your VM sandbox would expose your home network to risk from any malware you’re running in that sandbox? The answer is yes. Normally you’ll only use internal networking to prevent such leakage. – John Deters Nov 15 '21 at 21:06

1 Answers1

2

Although I don't have too much experience in setting up a lot of vulnerable servers, "secure" might be a bit vague depending on how you set up your router. Correct me if needed as well.

I would like to have internet connection inside Kali. Usually I would use NAT, but if I also have another connection to vulnerable machines using Internal network, is it secure?

From what I read up on the difference between Bridged and Internal, they're not too different except internal is safer to use than bridged. From what I've read on the VirtualBox manual:

In bridged networking mode, all traffic goes through a physical interface of the host system. It is therefore possible to attach a packet sniffer such as Wireshark to the host interface and log all traffic that goes over it. If, for any reason, you prefer two or more VMs on the same machine to communicate privately, hiding their data from both the host system and the user, bridged networking therefore is not an option.

Source: https://www.virtualbox.org/manual/ch06.html#network_internal

Bridged

From my point of understanding, if you have 2 VMs set up - 1 vulnerable, 1 Kali, Bridged connection will typically make the connection between those 2 VMs a lot easier due to both being hosted on the same subnet, meaning that if you have an external computer/laptop that connects it to the same router, they can see some of the services/ports that are opened from the IP address of your host computer (That is, if the ports are port-fowarded). The only thing I would worry about here is if there is a service in an open port that you opened and someone connected to your Wifi (or you setup a VPN client/server on your host computer and shared a client packet somewhere), where he/she exploits an zero-day guest-to-host exploit and take control of your host computer, which is extremely unlikely, but possible.

Internal

Internal works the same way, as bridged, however, the only source of communication it has is with the other VM that is set up, where neither VM or the host can communicate with each other.

Overall, internal is a lot more secure if you only want the VMs to interact with each other. Bridged is more towards if you want any other device to interact with the host & the VMs.

Dong Jun
  • 61
  • 4