Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

RE: VM Host with guests on the Internal and DMZ networks

From: "Petter Bruland" <pbruland () fcglv com>
Date: Tue, 12 Jun 2007 16:21:46 -0700
I'm no security expert, but I've seen some security vulnerabilities with
VMWare.

Sounds like an awesome way to get a VM into DMZ, but unfortunately I
don't think that is safe.

Not sure how relevant the vulnerabilities below are to you, but those
were picked up by a simple "VMWare vulnerability" Google search.

http://www.networksecurityarchive.org/html/Exploits-HackingTools/2007-05
/msg00003.html

http://secunia.com/advisories/24788

http://www.eweek.com/article2/0,1895,1904647,00.asp

http://secunia.com/advisories/18162/

http://blog.trendmicro.com/vmware-nat-vulnerability/

-Petter  

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of Mark Sutton
Sent: Tuesday, June 12, 2007 9:39 AM
To: Megan Kielman
Cc: security-basics () securityfocus com
Subject: Re: VM Host with guests on the Internal and DMZ networks

Hi Megan,

A host configured like this would effectively bypass the security
devices that create the DMZ rendering the DMZ pointless I think you had
it right with the really bad idea. :-)

Best Regards
Mark Sutton

Megan Kielman wrote:

Security Folks,

We want to have a VMWare
host (VMWare Server) that has guest systems on the DMZ and Internal 
LAN. To accomplish this the host would have two interfaces, one on 
each network. Is this a really bad idea from a security perspective? 
What are some ways to mitigate the risks?

Thanks!
Megan
Previous By Date Next
Previous By Thread Next

Current thread: