VMware

  • Pages: 13 (3150 words)
  • Published: March 24, 2013
BEST PRACTICES

DMZ Virtualization with VMware Infrastructure

VMware BEST PRACTICES

Table of Contents
Virtualized DMZ Networks
Three Typical Virtualized DMZ Configurations
    Partially Collapsed DMZ with Separate Physical Trust Zones
    Partially Collapsed DMZ with Virtual Separation of Trust Zones
    Fully Collapsed DMZ
Best Practices for Achieving a Secure Virtualized DMZ Deployment
    Harden and Isolate the Service Console
    Clearly Label Networks for Each Zone within the DMZ
    Set Layer 2 Security Options on Virtual Switches
    Enforce Separation of Duties
    Use ESX Resource Management Capabilities
    Regularly Audit Virtualized DMZ Configuration
Conclusion
References


DMZ Virtualization with VMware Infrastructure
Virtualized DMZ Networks

As virtualization of network DMZs becomes more common, demand is increasing for information to help network security professionals understand and mitigate the risks associated with this practice. This paper provides detailed descriptions of three different virtualized DMZ configurations and identifies best practice approaches that enable secure deployment.

VMware customer experience and independent analyst research demonstrate that it is possible to set up a DMZ in a virtualized environment that is as secure as a DMZ in a physical environment. However, some network security professionals are concerned that DMZ virtualization might decrease security. This is understandable, because virtualization involves new terminology and technology.

Fortunately, as a network security professional, you already have the critical knowledge necessary to ensure the proper configuration of a DMZ using virtual network infrastructure. Enforcement policies on a virtual network are the same as those on a physical network. Gartner research supports this view by suggesting that security risks primarily emanate from administrative misconfiguration and not from the virtual infrastructure. (See the References section for information on this Gartner report.)

This paper provides information that will enable you to configure a virtualized DMZ correctly and deploy it seamlessly.

The biggest risk to a DMZ in a virtual environment is misconfiguration, not the technology. Thus you need strong audit controls to ensure that you avoid misconfiguration, either accidental or malicious.

As shown in figures 1 and 2, the introduction of virtual technology into a DMZ does not have to change the DMZ topology significantly. As with other parts of the network, virtual technol-
[Figure 1 — A typical DMZ in a physical environment. Diagram labels: Internet, IDS/IPS, Web zone, Application zone, Database zone, Production LAN.]

[Diagram labels, caption not present in this excerpt: Internet, IDS/IPS, Production LAN, Management LAN, VMware VirtualCenter server; VMware ESX hosts, each with service console interface, service console, VMkernel, VMs, vSwitches and NIC team; Web zone, Application zone.]
Service...