Re: ESX Vmware Physically connected to different segments

Hi,

> > back that up or in your experience have you been able to exploit this
> > type of configuration?
>
> As long as it is set up correctly I think this would be fine.
>
> However, part of "correctly", AFAIAC, is that both subnets are in the
> same security domain - that is, if one is trusted, the other must be
> as well.

but then... why should you segment at all... if the "security level" of the 
instances is the same?
the basis for segmentation (if not required per se per architecture guidance) 
usually is either different protection needs, different threat exposure or both.
if none of those applies no need to segment.
if one of those applies putting a trust boundary on a system like ESX which has 
so many flaws and weaknesses as for memory isolation/protection and stuff might 
be a bad idea...

my 0.02

thanks,

Enno



-- 
Enno Rey

Check out www.troopers08.org!


ERNW GmbH - Breslauer Str. 28 - 69124 Heidelberg - www.ernw.de
Tel. +49 6221 480390 - Fax 6221 419008 - Cell +49 173 6745902
PGP FP 055F B3F3 FE9D 71DD C0D5  444E C611 033E 3296 1CC1

Handelsregister Heidelberg: HRB 7135
Geschaeftsfuehrer: Roland Fiege, Enno Rey

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------