Re: [Full-disclosure] vswitches: physical networks obsolete?
- To: Luigi Rosa <lists@xxxxxxxxxxxxx>
- Subject: Re: [Full-disclosure] vswitches: physical networks obsolete?
- From: phocean <0x90@xxxxxxxxxxx>
- Date: Sun, 06 Feb 2011 18:24:31 +0100
> phocean said the following on 06/02/11 16:58:
>
> > So my worries remain... how do they address this?
> > You don't mean that we have to wait for the next 0-day for the VMware
> > claim to be proved false? There are coding vulnerabilities everywhere.
>
> We could wait for the next 0-day in HP ProCurve, Cisco Catalyst or Dell
> PowerConnect firmware as well ;)
That's exactly why I used to use physical separation and mixed various
hardware in each area.
What do you do if your infrastructure relies 100% on VMware code?
>
> The history of software bugs so far tells us that, until now, the chance of
> having a 0-day in a firewall is greater than the chance of a 0-day in switch
> firmware.
I disagree. Not only can you not compare a switch and a firewall (neither
in terms of functionality, complexity, exploitation or impact), but L2
has always been vulnerable by design. Easy to attack, huge impact, game
over.
>
> I am not saying that switches are bulletproof, I am only talking about
> probability.
>
Ok, but I would like us to get back to the point. Thanks for your feedback,
I took note of it.
You are just expressing your opinion, as I did. Opinions don't have much
value, neither mine nor yours.
I am expecting facts, deep studies or specifications.
We are talking about major changes in the way we design architectures.
It is not something to take lightly, relying only on "right until proven
wrong" or "the editor says it's great".
Once an architecture has been designed for a company, it is supposed to
stay there 10 years or even more.
I want to read more answers here. Maybe there has not been any serious
research on the topic yet. In that case, I would take the safe side:
waiting a few more years until the industry has enough experience with the
technology before deploying any fully virtual network.
- phocean
>
> Ciao,
> luigi
>
> - --
> /
> +--[Luigi Rosa]--
> \
>
> Any small object that is accidentally dropped will hide under a larger object.
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/