How to sandbox a VMWare image as much as possible
- by Craig H
The situation:
-A corporate environment, with a corporate managed XP desktop (locked down, patched regularly, restricted user rights, no manual install of SW, AV, etc.)
The requirement:
-Using VMWare Workstation, run a sandboxed image (also XP) for specific testing purposes (with admin rights in the guest VM). No network connectivity is required. It can't be a separate standalone physical workstation disconnected from the network.
(FWIW, this is a legitimate, sanctioned requirement - not someone trying to get around corporate restrictions.)
The challenge:
-Do this in as safe/secure a manner as possible.
The proposed solution:
-Create an image with host-only networking.
-Perhaps remove the virtual ethernet adapter? (not sure if it's required for basic VMWare functionality?)
The question (finally):
-What potential risks remain (and how could I best mitigate them)?
One challenge is that the guest VM will not be a managed workstation itself, so patching, AV, etc. can't be guaranteed (and, ironically, would in fact be somewhat difficult given the proposed solution!)