Security Basics mailing list archives
RE: VMWare deployment
From: "Dan Lynch" <DLynch () placer ca gov>
Date: Mon, 4 May 2009 13:44:24 -0700
I'm no VMWare security expert, but when our internal server support group proposed this, I did a bit of research, and found very few people (outside of VMWare, Inc.) who advocated mixing security zones on a single virtual host server, and a good sized pile who recommend against it.

http://srmsblog.burtongroup.com/2008/01/five-immutable.html
http://www.eweek.com/c/a/Security/VM-Security-Risks-Phantom-or-Menace/
http://spiresecurity.typepad.com/spire_security_viewpoint/2008/03/virtualization.html
http://securosis.com/2008/04/17/vmware-please-hire-the-hoff/
http://rationalsecurity.typepad.com/blog/2008/04/the-four-horsem.html

My conclusion: "our existing practice is to segregate high risk networks from high value ones with a real-life air gap. Switches that service DMZ and internet networks, don't also trunk high value internal network VLANS. There's no reason the same practice should not apply to our virtual environment."

Dan Lynch, CISSP
Information Technology Analyst
County of Placer
Auburn, CA
-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of W W
Sent: Sunday, May 03, 2009 9:11 AM
To: security-basics () securityfocus com
Subject: VMWare deployment

I have an organization who is deploying a VMware solution. They are setting it up to host both DMZ servers and internal servers. They are utilizing the virtual switch to isolate the traffic between the two networks. All the VM instances however are running from a shared NAS solution.

What security considerations should be looked at? Are there any good documents out there discussing the use case?

------------------------------------------------------------------------
This list is sponsored by: InfoSec Institute

Learn all of the latest penetration testing techniques in InfoSec Institute's Ethical Hacking class. Totally hands-on course with evening Capture The Flag (CTF) exercises, Certified Ethical Hacker and Certified Penetration Tester exams, taught by an expert with years of real pen testing experience.

http://www.infosecinstitute.com/courses/ethical_hacking_training.html
------------------------------------------------------------------------
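An added example, not part of the thread or any poster's code: a check for the segregation rule discussed above, run over a constructed inventory that mirrors the deployment in the original question (separate virtual switches per zone, one host, one shared NAS volume). The record format, the host and datastore names, and `zone_mixing` are assumptions for illustration, not a VMware export or API.

```python
from collections import defaultdict

# Constructed inventory in a hypothetical format (not a VMware export):
# one record per VM, naming the host, virtual switch, physical uplink
# and datastore it depends on, plus the security zone it belongs to.
INVENTORY = [
    {"vm": "web01", "host": "esx-a", "vswitch": "vSwitch1",
     "uplink": "vmnic2", "datastore": "nas-vol1", "zone": "dmz"},
    {"vm": "relay01", "host": "esx-a", "vswitch": "vSwitch1",
     "uplink": "vmnic2", "datastore": "nas-vol1", "zone": "dmz"},
    {"vm": "db01", "host": "esx-a", "vswitch": "vSwitch2",
     "uplink": "vmnic3", "datastore": "nas-vol1", "zone": "internal"},
    {"vm": "file01", "host": "esx-b", "vswitch": "vSwitch0",
     "uplink": "vmnic0", "datastore": "nas-vol2", "zone": "internal"},
]

# vSwitch and uplink names are only unique within one host, so they are
# qualified with the host name before comparison.
PER_HOST = {"vswitch", "uplink"}


def zone_mixing(inventory, kinds=("host", "vswitch", "uplink", "datastore")):
    """Return {(kind, name): [zones]} for each resource used by more than one zone."""
    zones = defaultdict(set)
    for rec in inventory:
        for kind in kinds:
            name = rec[kind]
            if kind in PER_HOST:
                name = f"{rec['host']}/{name}"
            zones[(kind, name)].add(rec["zone"])
    return {res: sorted(z) for res, z in zones.items() if len(z) > 1}


if __name__ == "__main__":
    for (kind, name), shared in sorted(zone_mixing(INVENTORY).items()):
        print(f"{kind} {name} is shared by zones: {', '.join(shared)}")
```

On this sample the virtual switches and uplinks are cleanly split per zone, yet the host `esx-a` and the NAS volume `nas-vol1` are each reported as shared by both zones.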