Firewall Wizards mailing list archives

Re: Semi-OT: blade servers, backplanes, and DMZs


From: George Capehart <capegeo () opengroup org>
Date: Sun, 8 Feb 2004 11:24:00 -0500

On Thursday 05 February 2004 11:51 pm, Phil Burg wrote:
> Folks
>
> a somewhat off-topic question that I'd appreciate some insight into:
>
> A client has proposed implementing blade servers in a common
> enclosure on two different DMZs (obviously with two different
> security policies in place).

What do the security policies say?  If they don't address the 
acceptability of implementing blade servers which are affected by 
different security policies in the same enclosure, they need to.  The 
decision needs to be made by the owners of the risk . . .


> My immediate response is no - the claim that nothing can possibly
> leak across a blade enclosure backplane sounds a lot like the old
> claims about VLANs being effective security devices - but the client
> sees an opportunity to save floor space in a data centre, and is
> pushing hard.

*My* response would be to go through a very quick and dirty 
Certification and Accreditation process, require that the customer 
address the (lack of) policy issue, and, then, whatever the response, 
get them to sign off on the residual risk . . . Then do whatever it is 
that they insist on, knowing that they have formally and publicly 
accepted the risks associated with their decision.  In other words, 
CYA.  :-)

My $0.02

Cheers,

George Capehart
-- 
George Capehart

capegeo at opengroup dot org

PGP Key ID: 0x63F0F642 available on most public key servers

"It is always possible to agglutenate multiple separate problems into a
 single complex interdependent solution.  In most cases this is a bad
 idea."  -- RFC 1925
