0

I had this idea the other day, to run a Mac mini host (primarily because it's the cheapest game in town with sufficient built-in security hardware, i.e. it has SEP and SIP) with a Linux ARM distribution in a VM as a server, but I'm worried about the attack surface of the exposed macOS host.

My implicit threat model is that I wouldn't want to trust any "system apps, services, and processes, as well as digitally signed apps that are opened automatically by other apps." I am looking for a routing solution to this problem which wouldn't rely on macOS doing its job properly.

Is there a way to securely restrict the host's Internet access, while simultaneously allowing the VM running on this host, perhaps by routing or custom software on the router side of things? I'll be more than happy to build a router from the ground up using something like a Raspberry Pi, to achieve this goal.

Cheers,

Ian

1
  • We don't know what VM you're using. On Parallels, you can use Host-Only & assign the VM a separate IP address - then you can handle each address separately from the router.
    – Tetsujin
    Commented Dec 14, 2021 at 16:43

1 Answer

1

Provide a USB Wireless card. Use USB Passthrough to the VM. Set up the VM to use the USB Wireless Card.

Make sure the VM is not in Bridged mode.

Now you can restrict Host Internet Access and allow VM Internet Access via the USB Wireless card and Passthrough.
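A router-side counterpart to the setup above, as an added example that is not part of the original answer: an nftables forward policy for a Linux-based router (such as the Raspberry Pi the question mentions) that forwards new connections only from the VM's USB wireless adapter. The interface names and both MAC addresses are placeholders, and NAT is assumed to be configured elsewhere.

```nftables
#!/usr/sbin/nft -f
# Added example: default-deny forwarding, with one allow rule for the VM.
# All names and addresses below are placeholders (assumptions), not values
# from the question or the answer.

define lan_if   = "lan0"               # router interface facing the Mac mini and the VM
define wan_if   = "wan0"               # router interface facing the Internet
define vm_mac   = 02:00:00:00:00:02    # USB wireless adapter passed through to the VM
define host_mac = 02:00:00:00:00:01    # the macOS host's own network interface

table inet vm_only_egress {
    chain forward {
        # Anything not explicitly accepted is dropped, so the host is
        # blocked by default rather than by a rule that could be missed.
        type filter hook forward priority 0; policy drop;

        # Return traffic for connections the VM opened.
        ct state established,related accept
        ct state invalid drop

        # Only the VM's adapter may open new connections to the Internet.
        iifname $lan_if oifname $wan_if ether saddr $vm_mac ct state new accept

        # Count and log forwarding attempts from the host before dropping
        # them, so unexpected egress from macOS is visible on the router.
        iifname $lan_if ether saddr $host_mac counter log prefix "host-egress-blocked: " drop
    }
}
```

A source MAC address is chosen by the sender, so this rule identifies the VM's adapter but does not authenticate it. Putting the USB adapter on its own SSID or VLAN, with credentials stored only inside the VM, means the separation does not depend on the host reporting its MAC honestly.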
