Firewall Wizards mailing list archives
Re: VMware (or else) in different areas/dmz
From: m p <sumirati () yahoo de>
Date: Wed, 29 Jan 2003 12:36:27 +0100 (CET)
--- Siebenkaes Stefan <Stefan.Siebenkaes () itellium com> wrote:
> Hello *,
> we run a complex environment with a couple of firewalls. The question that arose: There's a need to deliver cheap services in different DMZ, zones, LAN, outside, inside, everywhere. A solution for that is to buy a power machine, install VMware (ESX, GSX) on it and run 20 or 30 virtual machines on that thing. Works great, I have to admit. But now, "they" begin to intermix the zones, the VMware-machine is inside (LAN) and services 4 webservers in different zones, some mail-gateways and so on. So physically the different zones are now connected. Logically, they are separated, because there's no (known!?) inter-virtual-machine-communication. From the money and the features, this is a great thing. From security aspects, my sweat runs cold and I hardly find some sleep :-)
Yep.
> What about your opinions on that?
DON'T DO IT.
> Does anybody run virtual machines in DIFFERENT zones? Are there any known security issues (besides bad configuration) on communication between virtual machines on VMWare or comparable software?
The problem is not the virtual machines. I had to maintain a network where 2 different groups of Windows machines shared the same firewall port via a switch. 2 different networks were configured so that each network was virtually separate. Now, think about MAC spoofing, MAC flooding, VLAN spoofing, tcpdump, .....
The main point with the security is: If the data is worth the money and more - secure it. If it is not - don't. But think about the consequences.
Just my 2 euro cent
Marc