Open Source and information security mailing list archives
Message-ID: <AANLkTikOMkmhAzRxoc62aXqkHUN1Auq-Oh3z_ra-Bx41@mail.gmail.com>
Date: Sun, 6 Feb 2011 13:48:25 -0600
From: "Albert R. Campa" <abcampa@...il.com>
To: Untitled <full-disclosure@...ts.grok.org.uk>
Subject: Re: vswitches: physical networks obsolete?

VMware has come out with their vShield virtual firewall product.
Altor/Juniper has had a virtual firewalling product for a while now.

On Sun, Feb 6, 2011 at 11:24 AM, phocean <0x90@...cean.net> wrote:

> > phocean said the following on 06/02/11 16:58:
> >
> > > So my worries remain... how do they address this?
> > > You don't mean that we have to wait for the next 0-day for the VMware
> > > claim to be proved false? There are coding vulnerabilities everywhere.
> >
> > We could wait for the next 0day of HP ProCurve, Cisco Catalyst or Dell
> > PowerConnect firmware as well ;)
>
> That's exactly why I used to use physical separation and mixed various
> hardware in each area.
> What do you do if your infrastructure relies 100% on VMware code?
>
> > The history of software bugs so far tells us that, until now, the chance to have
> > a 0day of a firewall is greater than the chance of the 0day of a switch firmware.
>
> I disagree. Not only can't you compare a switch and a firewall (neither
> in terms of functionality, complexity, exploitation or impact), but L2
> has always been vulnerable by design. Easy to attack, huge impact, game
> over.
>
> > I am not saying that switches are bulletproof, I am only talking about probability.
>
> Ok but I would like us to get back to the point. Thanks for your feedback,
> I took note of it.
>
> You are just expressing your opinion, as I did. Opinions don't have much
> value, neither mine nor yours.
> I am expecting facts, deep studies or specifications.
>
> We are talking about major changes in the way we design architectures.
> It is not something to take lightly, relying only on "right until proven
> wrong" or "the editor says it's great".
> Once an architecture has been designed for a company, it is supposed to
> stay there 10 years or even more.
>
> I want to read more answers here. Maybe there has not been any serious
> research on the topic yet. In that case, I would take the safe side:
> waiting a few more years until the industry has enough experience on the
> technology before deploying any full virtual network.
>
> - phocean
>
> > Ciao,
> > luigi
> >
> > --
> > /
> > +--[Luigi Rosa]--
> > \
> >
> > Any small object that is accidentally dropped will hide under a larger object.
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/