Message-ID: <1297013071.10916.53.camel@subarashii>
Date: Sun, 06 Feb 2011 18:24:31 +0100
From: phocean <0x90@...cean.net>
To: Luigi Rosa <lists@...girosa.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: vswitches: physical networks obsolete?

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> phocean said the following on 06/02/11 16:58:
>
> > So my worries remain... how do they address this?
> > You don't mean that we have to wait for the next 0-day for the VMware
> > claim to be proved false? There are coding vulnerabilities everywhere.
>
> We could wait for the next 0day of HP procurve, Cisco Catalyst or Dell
> PowerConnect firmware as well ;)

That's exactly why I used to use physical separation and mixed various
hardware in each area. What do you do if your infrastructure relies 100% on
VMware code?

> The history of software bugs so far tells us that, until now, the chance to have
> a 0day of a firewall is greater than the chance of the 0day of a switch firmware.

I disagree. Not only can't you compare a switch and a firewall (neither in
terms of functionality, complexity, exploitation or impact), but L2 has
always been vulnerable by design. Easy to attack, huge impact, game over.

> I am not telling that switches are bulletproof, I am only talking about probability.

Ok, but I would like us to get back to the point. Thanks for your feedback, I
took note of it. You are just expressing your opinion, as I did. Opinions don't
have much value, neither mine nor yours. I am expecting facts, deep studies or
specifications.

We are talking about major changes in the way we design architectures. It is
not something to take lightly, relying only on "right until proven wrong" or
"the editor says it's great". Once an architecture has been designed for a
company, it is supposed to stay there 10 years or even more.

I want to read more answers here. Maybe there has not been any serious
research on the topic yet.

In that case, I would take the safe side: wait a few more years until the
industry has enough experience with the technology before deploying any fully
virtual network.

- phocean

> Ciao,
> luigi
>
> - --
> /
> +--[Luigi Rosa]--
> \
>
> Any small object that is accidentally dropped will hide under a larger object.
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.10 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
>
> iEYEARECAAYFAk1O0GkACgkQ3kWu7Tfl6ZTahgCfWVHLy/OD/58XOgN2ovanl/dT
> LJgAnjtPyYCRujnL/3tzZJ/4K9CcTCF8
> =xaty
> -----END PGP SIGNATURE-----
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/