Penetration Testing mailing list archives

Re: ESX Vmware Physically connected to different segments


From: "Kurt Buff" <kurt.buff () gmail com>
Date: Mon, 28 Jan 2008 10:43:05 -0800

Even if everything is configured properly, mixing security domains in
a virtual hosting is a capital mistake.

That's because the underlying host is also vulnerable, and attacks
against a guest OS in an untrusted domain can be leveraged against the
host, and from there *all* guest OSes are toast, or near to it.

Don't do it, ever.

Kurt

On Jan 28, 2008 5:08 AM, Loupe, Jeffrey J <JLoupe () whitneybank com> wrote:

If everything is setup properly this configuration should be secure. The
problem comes with misconfiguration. It's exceedingly easy for a
careless admin to connect a vNic to the wrong vSwitch and allow traffic
meant for the DMZ onto the trusted network. In general we disallow this
practice unless only one or two trusted admins have control of the box.
Even then, we audit the configuration frequently.

-J

________________________________________________________________

Confidentiality Notice:

This E-Mail transmission (and/or the documents accompanying it)
may contain information belonging to the sender which is
confidential, privileged and/or exempt from disclosure under
applicable law.  The information is intended only for the use
of the individual(s) or entity named above.   If you are not
the intended recipient, you are hereby  notified that any
disclosure, copying, distribution or the taking of any action
in reliance on the contents of this information is strictly
prohibited.  If you have received this E-Mail transmission
in error, please immediately notify us by return E-Mail or
telephone to arrange for return of its contents including any
documents.


------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------


Current thread: