I have been asked by some people with whom I am working to remotely access their intranet. The primary reason is for me to have access to their library portal. Mostly I would be downloading PDFs and graphics.
This is a VPN connection. I know very little about VPNs. Hence I am surfing the web for more information.
The company network is all Windows using the Juniper client software for remote access. The library portal requires the Java run-time engine.
Company policy requires allowing virus scanning on client machines.
Whereas the people in the host network have standing to protect their systems, I have standing to protect my systems.
If virus scanning is allowed then the server side computers pretty much have access to the entire client machine.
Therefore I am hoping to use a bare-bones Windows VirtualBox machine (VM) as my VPN client.
Although I have no reason to suspect the other people from rooting my virtual machine, or performing malicious or shenanigan acts, I no less want to protect myself. I have no idea what the people at the other end might install or try to scan or snoop. Common sense stuff.
1. Which type of network mode for the VM? NAT? NAT with port forwarding? Bridged? Host-only? I am using bridged connections for all of my current VMs because I want all of my current VMs to connect to one another and my host machine. I can't change those settings. Yet I don't want this new VM connecting to anything but the VPN. I do not want the possibility of anything in the VPN accessing my host machine or other VMs.
2. After I finally establish and test the connection, should I create a snapshot from which I always start the VM or am I being too paranoid?
3. Will a VM be too slow for a VPN client? Seems there are several network interface layers involved. Would a separate stand-alone physical machine be a better option?
4. What other VPN security concerns should I be aware?
I use VirtualBox 3.2.12 OSE. My VMs run on a Slackware 13.1 host. My host machine is behind a Linksys WRT54GL 1.1 router/switch, which connects to the ISP CPE.
Thanks much!