Ah.
I misunderstood your business.
In a situation like this, I don't think you have a choice, though I
don't have enough experience in such a situation to comment
coherently.
I was envisioning the servers being at the client site, and that you
were using virtualization for hosts that were both in the DMZ and the
internal network(s), and that's what I was preaching against.
Kurt
On Jan 28, 2008 1:02 PM, David M. Zendzian <dmz@dmzs.com> wrote:
Just the fact that we mix customers in a virtual environment creates a
similar risk. We aren't able to offer a dedicated host for every
customer who wants a virtual environment, that would defeat the purpose
of virtualization.
Maybe I missed part of the earlier discussion, and I'm always ready to
look at other ways of approaching the problem. Other than dedicated
hosts for each customer, what would you suggest a basic design be to
provide what you are describing?
David
Kurt Buff wrote:
Sorry, hit send too quickly. More below:
On Jan 28, 2008 12:32 PM, David M. Zendzian <dmz@dmzs.com> wrote:
<snip>
The only way to be secure is to unplug, the rest of us have to work for
a living :)
There are other ways of hosting internet-exposed sites, and I believe
you are doing your customers a disservice by mixing domains in this
fashion, which (IMHO) exposes them to unnecessary risk.
Kurt
------------------------------------------------------------------------
This list is sponsored by: Cenzic
Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!
http://www.cenzic.com/downloads
------------------------------------------------------------------------
