lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <1297007899.10916.27.camel@subarashii>
Date: Sun, 06 Feb 2011 16:58:19 +0100
From: phocean <0x90@...cean.net>
To: Luigi Rosa <lists@...girosa.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: vswitches: physical networks obsolete?

> For instance, the switch software isolates the communication betwenn port A, B,
> and C, that is if you send an unicast packet from A to B, C cannot read it. But
> the switching engine is not "hardware", is software, so you could not trust it.

This is the same when you compare physical switches with vswitches in
the SAME zone.
In that case, we have L2 adjacency, wich I agree is almost the same if
managed by software or hardware.

But my point is DMZ, where in the traditional physical network you
usually separate L2 in two zones (with multiple vlans inside each) and
enforce L3 (up to L7) filtering at the boundary. And this with different
hardwares.

In the case of a vswitches architecture, you can still have a firewall
somewhere. However, you have a single L2 area. At the end, you entire
network is as secure as the L2 is, which is a totally different picture
than the classic architecture.
It would look more like (which I don't want):
Internet--|fw|--[vlan/vswitches]

So my worries remain... how do they address this?
You don't mean that we have to wait for the next 0-day for the VMware
claim to be proved false? There are coding vulnerabilities everywhere.

> 
> 
> 
> Ciao,
> luigi
> 
> - -- 
> /
> +--[Luigi Rosa]--
> \
> 
> If you need n items of anything, you will have n-1 in stock.
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.10 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
> 
> iEYEARECAAYFAk1OvhMACgkQ3kWu7Tfl6ZTkeQCcCYHuMd1v8AIGNJwio2XXrR7S
> TTQAoMrRYFgv5WI26czAoeyTHWB35h+N
> =FUmm
> -----END PGP SIGNATURE-----


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ