Re: VM Host with guests on the Internal and DMZ networks

[krymson () gmail com]

I think you have really two things to worry about:

1) Attacks against the host. If your host is attacked and taken over, all those guests could fall. Keep it hardened to 
your chosen vendor's specs!!

2) Attacks local to the guest allow the guest to attack the host. This should require the guest VM to already be 
rooted/owned enough to be popped. You can Google up things like, blue pill, hypervisor, rutkowska (researcher), and 
breaking out of virtual machines/guests. Honestly, while this can blossom into a very important issue, so far the 
attacks are pretty exotic and you're not likely to see them.

We currently have about 60 virtual machines. Some VMs are on the DMZ and others are internal, often on the same host. 
Your security risk is not too much larger because those two classes of attacks listed above are still pretty exotic and 
not widespread. That may not prove to be secure as the years go by, but your risk right now should not be huge. Only 
you can answer that, though, as you know how sensitive or regulated your company's network needs to be. In anything but 
a shop with budget and the need to be very surely secure otherwise people may die, I think straddling a host over the 
DMZ/internal is a viable situation right now.

Of course, tomorrow Joanna may release something that can worm its way through VMs into the hosts and we'd all be 
screwed...


<- snip ->
We want to have a VMWare
host (VMWare Server) that has guest systems on the DMZ and Internal
LAN. To accomplish
this the host would have two interfaces, one on each network. Is this
a really bad idea from a security perspective? What are some ways to
mitigate the risks?