On 7/21/05, Richard St John <Richard.StJohn@gbe.com> wrote:
One of our managers would like to take a server running VMWARE and
connect it to our DMZ and assigning specific OSs to the DMZ NIC. Not bad
so far, 8 or 9 servers running through one NIC on our DMZ.
I assume this is ESX/GSX?
The hmmmm part of the problem is the servers he wants to use already
have another NIC on our internal server network and is running 2 or 3
servers.
Ouch!
So essentially he is asking to put the same server on our internal
network and our DMZ, using VMWARE which he assures me cannot be
compromised in such a way that the compromised OS can see the NIC card
it is not assigned to see. The installed OS for each VMWARE section can
only see what it is assigned to see and cannot see the rest of the
machine(s) and hardware.
Having not worked with VMWARE as much as I would like to, can
someone see any issues with this, confirm it works securely,
or confirms it fails miserably.
What does VMWare have to say about this design?
Even the lack of an answer would speak volumes...
I am leery about it because I have one machine on two networks that
essentially traverse the firewall. Is VMWARE secure enough to do this?
Gut reaction is to say "no, it's not secure enough".
Aside from the remote possibility of a vulnerability in VMWare allowing
compromise of the host OS from a guest -- there was a claim in 2003 that
an overflow in VMAuthdSocketRead() could allow compromise of the host
OS from within a guest OS.
Then there is the ease in which an administrator or (inside attacker) with
access to the host OS could intentionally or unintentionally create/expand
a guest with virtual interfaces on the inside and outside of your network.
Kevin Kadow
