[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] vswitches: physical networks obsolete?



Hi Luigi,

> vmware certifies the solution "DMZ+LAN" within a single vmware host with two
> vswitches.

This sounds highly questionable, especially after reading the article of
Brad. The same goes with Cisco of course.
So what else than the marketing guy certification can we get? Before
designing an architecture, I need much more.

> This is of course true until proven false, that is sending IP packets from the
> LAN or DMZ to Internet and viceversa bypassing the firewall protection.
> 
> If you keep the netwok separated you bet that another piece of code (the
> firewall) could not be compromised.

Sure but in that case, this is not the same code, nor the same editor,
hardware, etc.
Of course there are exploits too, but the probability of having 2
exploits on totally differents devices at the same time is lower than
only 1 exploit.

- phocean


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/