Home page logo

pen-test logo Penetration Testing mailing list archives

Re: ESX Vmware Physically connected to different segments
From: Dave Howe <David.Howe () ansgroup co uk>
Date: Wed, 30 Jan 2008 08:29:14 +0000

David M. Zendzian wrote:
Just the fact that we mix customers in a virtual environment creates a
similar risk. We aren't able to offer a dedicated host for every
customer who wants a virtual environment, that would defeat the purpose
of virtualization.

Maybe I missed part of the earlier discussion, and I'm always ready to
look at other ways of approaching the problem. Other than dedicated
hosts for each customer, what would you suggest a basic design be to
provide what you are describing?

That's fine (well, its not fine, but its understandable; customers know
what they are buying, and it isn't a dedicated machine for themselves in
its own VLAN; if they want that, they can pay you more and GET that)

   As long as you assume that machines on the shared ESX server are no
more or less secure than accounts on the *same* server separated by use
of chroot, then you can give a customer (Or potential customer) a
realistic estimate of the security he is buying. He isn't getting the
same level of security he would get from a dedicated machine, but he
isn't PAYING for that, so he has to live with what the product he buys
provides. As long as everyone knows that up front, I don't see how they
have grounds for complaint.

This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]