Home page logo

pen-test logo Penetration Testing mailing list archives

Re: ESX Vmware Physically connected to different segments
From: "Kurt Buff" <kurt.buff () gmail com>
Date: Mon, 28 Jan 2008 13:46:27 -0800

Actually, yes I can compare them. They are both targets, and both will
be exploited at some point, probably sooner rather than later - I'd
guess before the end of the year, and if I were a betting man (I'm
not) I'd put money on it.

Shops that don't have the resources for a dedicated DMZ ESX host
should probably look into other technologies or approaches, such as
off-site hosting, instead. IMHO, of course.

And, shops that don't have the resources to have a dedicated DMZ ESX
host probably don't have the in-house talent to manage a ESX host
securely anyway, which further increases the risk.

Don't misconstrue my word, BTW - I *love* my ESX host. It's just that
misuse of any tool will hurt you in the long run.

Of course, I'd also love to hear firm recommendations from VMWare on
this matter as well

I invite any VMWare employees lurking on this list to publicly or
privately point me to papers recommending approaches on this subject,
either pro or contra, on this matter.


On Jan 28, 2008 1:35 PM, Loupe, Jeffrey J <JLoupe () whitneybank com> wrote:
You really can't compare ESX with any of the workstation products, or
vmware server, player, etc. Workstation was built with a certain level
of interaction with the underlying OS assumed and desired, such as USB
drive detection and the like. ESX was specifically designed to host
virtual machines.

Shops that don't have the resources for a dedicated DMZ ESX host can,
with careful planning and administration, securely host virtual machines
on a DMZ and a trusted network. Shops that have the resources to have a
dedicated box should certainly consider that, since physically separate
is always more secure.


This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]