I would say this is not likely the best thing to do vmware is software and
possibly exploitable meaning someone could essentially own tha machine it runs
on and have free access to your internal lan, secondly if the compromised
vmware os/oses it is possible the could bind to this other nic and have a way
in as well. But I am no vmware expert by any means and these are my 2cents
which I am sure will raise some debate
Bruce Martins
Systems Administrator
EXTEND>>MEDIA
190 Liberty Street
Toronto, Ontario
Canada
M6K 3L5
_______________________
e:bmartins@extend.com
t: (416) 535-4222 ext. 2307
f: (416) 535-1201
http://www.extend.com
--------------------------
Sent from my BlackBerry Wireless Handheld
-----Original Message-----
From: Richard St John <Richard.StJohn@gbe.com>
To: firewalls@securityfocus.com <firewalls@securityfocus.com>
Sent: Thu Jul 21 16:38:57 2005
Subject: VMWARE/DMZ Question
Hello List,
This is not necessarily a firewall question, but would like opinions.
One of our managers would like to take a server running VMWARE and
connect it to our DMZ and assigning specific OSs to the DMZ NIC. Not bad
so far, 8 or 9 servers running through one NIC on our DMZ.
The hmmmm part of the problem is the servers he wants to use already
have another NIC on our internal server network and is running 2 or 3
servers.
So essentially he is asking to put the same server on our internal
network and our DMZ, using VMWARE which he assures me cannot be
compromised in such a way that the compromised OS can see the NIC card
it is not assigned to see. The installed OS for each VMWARE section can
only see what it is assigned to see and cannot see the rest of the
machine(s) and hardware.
Having not worked with VMWARE as much as I would like to, can someone
see any issues with this, confirm it works securely, or confirms it
fails miserably.
I am leery about it because I have one machine on two networks that
essentially traverse the firewall. Is VMWARE secure enough to do this?
Thought, comments, suggestions
Richard St. John
