Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: ESX Vmware Physically connected to different segments
From: "David M. Zendzian" <dmz () dmzs com>
Date: Mon, 28 Jan 2008 16:10:38 -0500

Yes that makes sense :)

Actually we also do have different physical server for firewall/router/load balancer virtualization layer and different server for "internal". While we do not have dedicated servers for dmz/internal hosts, we will as we start gaining the customers who need it (currently we're about 50/50 internal vs external hosts, so as we grow we'll be looking to split those up as well. It's hard to do it "right" out of the box :)

David

Kurt Buff wrote:
Ah.

I misunderstood your business.

In a situation like this, I don't think you have a choice, though I
don't have enough experience in such a situation to comment
coherently.

I was envisioning the servers being at the client site, and that you
were using virtualization for hosts that were both in the DMZ and the
internal network(s), and that's what I was preaching against.

Kurt

On Jan 28, 2008 1:02 PM, David M. Zendzian <dmz () dmzs com> wrote:
Just the fact that we mix customers in a virtual environment creates a
similar risk. We aren't able to offer a dedicated host for every
customer who wants a virtual environment, that would defeat the purpose
of virtualization.

Maybe I missed part of the earlier discussion, and I'm always ready to
look at other ways of approaching the problem. Other than dedicated
hosts for each customer, what would you suggest a basic design be to
provide what you are describing?

David


Kurt Buff wrote:
Sorry, hit send too quickly. More below:

On Jan 28, 2008 12:32 PM, David M. Zendzian <dmz () dmzs com> wrote:
<snip>

The only way to be secure is to unplug, the rest of us have to work for
a living :)


There are other ways of hosting internet-exposed sites, and I believe
you are doing your customers a disservice by mixing domains in this
fashion, which (IMHO) exposes them to unnecessary risk.

Kurt





------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]