topic Re: Malware/Ransomware Testing...Safe On Separate VLAN? in Network Security

Malware/Ransomware Testing...Safe On Separate VLAN?

1timcisco — Sat, 07 Aug 2021 21:14:45 GMT

I have an ESXi server connected to 1 physical interface on my firepower 1010 that has 2 VLANS.

I have my pentest/kali box on one VLAN and a nasty malware infected windows machine one the other VLAN.

I have set the access rules to only let traffic in the malware network but nothing comes out.

Is this setup safe. I have other interfaces routed to other trusted networks on the firepower 1010 that I don't want to infect at all cost.

Re: Malware/Ransomware Testing...Safe On Separate VLAN?

balaji.bandi — Sat, 07 Aug 2021 21:47:24 GMT

as long it is a separate setup from the production network you are good with, different interface and different zone.

make sure after testing, that the device can not connect to another Lan ? without proper investigation or wipe and build new before bringing to Live network.

Re: Malware/Ransomware Testing...Safe On Separate VLAN?

johnlloyd_13 — Mon, 09 Aug 2021 04:13:39 GMT

hi,

is this a live production network?

it's not advisable to do any pen testing in a live network unless there's an explicit permission from your IT management.

it's better and safe to test on an isolated network or in a virtual lab environment.