From: Kurt Buff (kurt.buff@gmail.com)
Date: Mon Jan 28 2008 - 13:43:05 EST
Even if everything is configured properly, mixing security domains in
a virtual hosting is a capital mistake.
That's because the underlying host is also vulnerable, and attacks
against a guest OS in an untrusted domain can be leveraged against the
host, and from there *all* guest OSes are toast, or near to it.
Don't do it, ever.
Kurt
On Jan 28, 2008 5:08 AM, Loupe, Jeffrey J <JLoupe@whitneybank.com> wrote:
>
> If everything is setup properly this configuration should be secure. The
> problem comes with misconfiguration. It's exceedingly easy for a
> careless admin to connect a vNic to the wrong vSwitch and allow traffic
> meant for the DMZ onto the trusted network. In general we disallow this
> practice unless only one or two trusted admins have control of the box.
> Even then, we audit the configuration frequently.
>
> -J
>
> ________________________________________________________________
>
> Confidentiality Notice:
>
> This E-Mail transmission (and/or the documents accompanying it)
> may contain information belonging to the sender which is
> confidential, privileged and/or exempt from disclosure under
> applicable law. The information is intended only for the use
> of the individual(s) or entity named above. If you are not
> the intended recipient, you are hereby notified that any
> disclosure, copying, distribution or the taking of any action
> in reliance on the contents of this information is strictly
> prohibited. If you have received this E-Mail transmission
> in error, please immediately notify us by return E-Mail or
> telephone to arrange for return of its contents including any
> documents.
>
------------------------------------------------------------------------
This list is sponsored by: Cenzic
Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!
http://www.cenzic.com/downloads
------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:58:22 EDT