[unisog] DMZ and Non DMZ using sharing VM infrastructure

Stefan netfortius at gmail.com
Sat Aug 8 04:00:50 GMT 2009


It has nothing to do with marketing - it has to do with the reality of "we
better learn it, understand it and make it secure [e.g. if we want to live
with the cloud]". When my virtual boundaries are in an inter-cloud
environment, I have two options: to pretend it doesn't exist (à la there is
only unix, no windows, no macosx, no android, no <insert your linux distro
of choice>), or to acknowledge, secure and even embrace ... although with
every new concept there will always be phases of FUD ...

Stefan Mititelu
http://twitter.com/netfortius
http://www.linkedin.com/in/netfortius


On Wed, Aug 5, 2009 at 9:18 PM, Paul FM <paulfm at me.umn.edu> wrote:

> You obviously didn't read the reason why this is bad.  There have been holes
> in network virtualization as well.  Software has bugs - you won't get a
> software vendor to guarantee zero bugs.
>
> "People" (Marketing droids) said unix was dead around the turn of the century
> (don't believe the Marketing dribble).  And the old Interstate 35W bridge was
> built to last 100 years - it only made it to about 40 - it was certified as
> safe the year before it collapsed (don't brush off warnings just because
> someone who knows the system says it is safe).
>
>
>
> Stefan wrote:
> > With virtualization extended into the network and storage layers,
> > there are ways to secure while providing the flexibility VMotion-like
> > processes require. Google for: nexus 1000v, nexus 7000, vdc, service
> > solutions sandwiched between virtual aggregation domains, vrf, etc. We
> > live in a world of having to accommodate active-active DCs across
> > layer 2 boundaries ... hardware/specific host bound solutions are
> > dying.
> >
> > On 8/5/09, Michael Holstein <michael.holstein at csuohio.edu> wrote:
> >>> I am curious how others are handling the DMZ and non-DMZ VMs. Please
> >>> let me know.
> >>>
> >> Not allowed. Period.
> >>
> >> Here's just one example of why :
> >>
> >> http://isc.sans.org/diary.html?storyida90
> >> http://www.immunityinc.com/documentation/cloudburst-vista.html
> >>
> >> We also apply the same "rule" to situations like Blade Centers .. you
> >> don't get the DMZ vlans in the trunk to the chassis.
> >>
> >> Cheers,
> >>
> >> Michael Holstein
> >> Cleveland State University
> >> _______________________________________________
> >> unisog mailing list
> >> unisog at lists.dshield.org
> >> https://lists.sans.org/mailman/listinfo/unisog
> >>
> >
>
> --
> ---------------------------------------------------------------------
> The views and opinions expressed above are strictly
> those of the author(s).  The content of this message has
> not been reviewed nor approved by any entity whatsoever.
> ---------------------------------------------------------------------
> Paul F. Markfort   Info/Web: http://www.menet.umn.edu/~paulfm
> ---------------------------------------------------------------------