Security Basics mailing list archives
RE: VM Host with guests on the Internal and DMZ networks
From: "Petter Bruland" <pbruland () fcglv com>
Date: Tue, 12 Jun 2007 16:21:46 -0700
I'm no security expert, but I've seen some security vulnerabilities with VMWare. Sounds like an awesome way to get a VM into DMZ, but unfortunately I don't think that is safe. Not sure how relevant the vulnerabilities below are to you, but those were picked up by a simple "VMWare vulnerability" Google search. http://www.networksecurityarchive.org/html/Exploits-HackingTools/2007-05 /msg00003.html http://secunia.com/advisories/24788 http://www.eweek.com/article2/0,1895,1904647,00.asp http://secunia.com/advisories/18162/ http://blog.trendmicro.com/vmware-nat-vulnerability/ -Petter -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Mark Sutton Sent: Tuesday, June 12, 2007 9:39 AM To: Megan Kielman Cc: security-basics () securityfocus com Subject: Re: VM Host with guests on the Internal and DMZ networks Hi Megan, A host configured like this would effectively bypass the security devices that create the DMZ rendering the DMZ pointless I think you had it right with the really bad idea. :-) Best Regards Mark Sutton Megan Kielman wrote:
Security Folks, We want to have a VMWare host (VMWare Server) that has guest systems on the DMZ and Internal LAN. To accomplish this the host would have two interfaces, one on each network. Is this a really bad idea from a security perspective? What are some ways to mitigate the risks? Thanks! Megan
Current thread:
- VM Host with guests on the Internal and DMZ networks Megan Kielman (Jun 12)
- Re: VM Host with guests on the Internal and DMZ networks Mark Sutton (Jun 12)
- RE: VM Host with guests on the Internal and DMZ networks Petter Bruland (Jun 13)
- RE: VM Host with guests on the Internal and DMZ networks Rob McShinsky (Jun 12)
- MS Virtual Server- SW Development Scenario WALI (Jun 13)
- Re: VM Host with guests on the Internal and DMZ networks Jason Ross (Jun 12)
- <Possible follow-ups>
- Re: VM Host with guests on the Internal and DMZ networks krymson (Jun 13)
- RE: VM Host with guests on the Internal and DMZ networks Steven Jones (Jun 13)
- Re: VM Host with guests on the Internal and DMZ networks Mark Sutton (Jun 12)