Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Pen-Test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: ESX Vmware Physically connected to different segments

from [Kurt Buff] Network Security [Permanent Link]
Subject: Re: ESX Vmware Physically connected to different segments
Date: Fri, 25 Jan 2008 11:41:08 -0800 
On Jan 24, 2008 1:41 PM, Albert R. Campa <abcampa@gmail.com> wrote:

We have some admins setting up some VMs on an ESX server and they have
the idea of setting up 1host server with multiple VMs and on some of
these VMs they want physical NICs connected to our main LAN and other
VMs they want physical wires connected to a DMZ lan.

Normally this would be almost bridging the two networks and bad
practice overall. An explanation from an SA is that virtual switches
are used on the ESX host and this seperates the physical connection to
our main LAN and this DMZ lan.

This does not sound like good practice but is there documentation to
back that up or in your experience have you been able to exploit this
type of configuration?


As long as it is set up correctly I think this would be fine.

However, part of "correctly", AFAIAC, is that both subnets are in the
same security domain - that is, if one is trusted, the other must be
as well. I would *never* put, for instance, a guest OS in a DMZ subnet
if the other guests are in a trusted subnet.

Kurt

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Question re: load balancers as a security device, Dotzero
Next by Date:  Re: Pass-The-Hash Toolkit v1.2 released., rajat swarup
Previous by Thread:  ESX Vmware Physically connected to different segments, Albert R. Campa
Next by Thread:  Re: ESX Vmware Physically connected to different segments, Jeff Norem
Indexes:  [Date] [Thread] [Top] [All Lists]