Security Basics mailing list archives
Re: Re: Re: VM Host with guests on the Internal and DMZ networks
From: ssk_outlaw () yahoo com
Date: 20 Jul 2007 02:55:28 -0000
on a different tangent, the biggest threat of such a setup is the threat from inside. the sysadmins. the sysadmins at the flick of a switch (setting) are able to turn up/down ports on either networks, bridge the network segments thus bypassing commonly established security practices. do you trust your sysadmins that much ? while this is typically not possile with a phsyical layer seperating them where in typically a network/security team over sees the port allocation for new servers. it's best if all dmz servers are stacked on a seperate VM Host and all the protected network servers are stacked on a different VM Host. Hope this helps, - S
Current thread:
- Re: Re: VM Host with guests on the Internal and DMZ networks securinet2004 (Jul 17)
- <Possible follow-ups>
- Re: Re: Re: VM Host with guests on the Internal and DMZ networks ssk_outlaw (Jul 20)
- RE: Re: Re: VM Host with guests on the Internal and DMZ networks Rob McShinsky (Jul 20)