Security Basics mailing list archives

Re: Re: Re: VM Host with guests on the Internal and DMZ networks


From: ssk_outlaw () yahoo com
Date: 20 Jul 2007 02:55:28 -0000

on a different tangent, the biggest threat of such a setup is the threat from inside. the sysadmins.

the sysadmins at the flick of a switch (setting) are able to turn up/down ports on either network, bridge the network segments thus bypassing commonly established security practices.

do you trust your sysadmins that much?

while this is typically not possible with a physical layer separating them, wherein typically a network/security team oversees the port allocation for new servers.

it's best if all dmz servers are stacked on a separate VM Host and all the protected network servers are stacked on a different VM Host.

Hope this helps,

- S

