Re: ESX Vmware Physically connected to different segments

From: Enno Rey <erey@xxxxxxx>
Date: Fri, 25 Jan 2008 21:31:22 +0100

Hi,

back that up or in your experience have you been able to exploit this
type of configuration?

As long as it is set up correctly I think this would be fine.

However, part of "correctly", AFAIAC, is that both subnets are in the
same security domain - that is, if one is trusted, the other must be
as well.

but then... why should you segment at all... if the "security level" of the instances is the same?
the basis for segmentation (if not required per se per architecture guidance) usually is either different protection needs, different threat exposure or both.
if none of those applies no need to segment.
if one of those applies putting a trust boundary on a system like ESX which has so many flaws and weaknesses as for memory isolation/protection and stuff might be a bad idea...

my 0.02

thanks,

Enno

--
Enno Rey

Check out www.troopers08.org!

ERNW GmbH - Breslauer Str. 28 - 69124 Heidelberg - www.ernw.de
Tel. +49 6221 480390 - Fax 6221 419008 - Cell +49 173 6745902
PGP FP 055F B3F3 FE9D 71DD C0D5 444E C611 033E 3296 1CC1

Handelsregister Heidelberg: HRB 7135
Geschaeftsfuehrer: Roland Fiege, Enno Rey

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------

References:
- ESX Vmware Physically connected to different segments
  - From: Albert R. Campa
- Re: ESX Vmware Physically connected to different segments
  - From: Kurt Buff

Prev by Date: Re: VA / PT Pricing??
Next by Date: Re: Faxing and PCI DSS compliance
Previous by thread: Re: ESX Vmware Physically connected to different segments
Next by thread: RE: ESX Vmware Physically connected to different segments
Index(es):
- Date
- Thread

Relevant Pages

Re: Computer GUID
... >> Can two computers in the same LAN have the same MAC address? ... Not on the same network segment. ... subnets, but not the same subnet (but if the two subnets are VLANs ...
(comp.security.misc)
Re: browser service
... We have 3 subnets in our network. ... so I can ping the workstation ... On the windows 2003 server (on the segment 62) ... Windows Networking does not span subnets. ...
(microsoft.public.win2000.networking)
Re: best tr/eth router machine?
... >> Bring a note of your segment addressand SNMP info if you want to ... > segment addresses == subnets? ... Yessir. ...
(comp.sys.ibm.ps2.hardware)