[unisog] DMZ and Non DMZ using sharing VM infrastructure

Paul FM paulfm at me.umn.edu
Thu Aug 6 02:18:10 GMT 2009


You obviously didn't read the reason why this is bad.  There have been holes 
in network virtualization as well.  Software has bugs - you won't get a 
software vendor to guarantee zero bugs.

"People" (Marketing droids) said Unix was dead around the turn of the century 
(don't believe the Marketing dribble).  And the old Interstate 35W bridge was 
built to last 100 years - it only made it to about 40 - it was certified as 
safe the year before it collapsed (don't brush off warnings just because 
someone who knows the system says it is safe).



Stefan wrote:
> With virtualization extended into the network and storage layers,
> there are ways to secure while providing the flexibility VMotion-like
> processes require. Google for: nexus 1000v, nexus 7000, vdc, service
> solutions sandwiched between virtual aggregation domains, vrf, etc. We
> live in a world of having to accommodate active-active DCs across
> layer 2 boundaries ... hardware/specific host bound solutions are
> dying.
> 
> On 8/5/09, Michael Holstein <michael.holstein at csuohio.edu> wrote:
>>> I am curious how others are handling the DMZ and non-DMZ VMs. Please
>>> let me know.
>>>
>> Not allowed. Period.
>>
>> Here's just one example of why :
>>
>> http://isc.sans.org/diary.html?storyid=6190
>> http://www.immunityinc.com/documentation/cloudburst-vista.html
>>
>> We also apply the same "rule" to situations like Blade Centers .. you
>> don't get the DMZ vlans in the trunk to the chassis.
>>
>> Cheers,
>>
>> Michael Holstein
>> Cleveland State University
>> _______________________________________________
>> unisog mailing list
>> unisog at lists.dshield.org
>> https://lists.sans.org/mailman/listinfo/unisog
>>
> 

-- 
---------------------------------------------------------------------
The views and opinions expressed above are strictly
those of the author(s).  The content of this message has
not been reviewed nor approved by any entity whatsoever.
---------------------------------------------------------------------
Paul F. Markfort   Info/Web: http://www.menet.umn.edu/~paulfm
---------------------------------------------------------------------

