I like to know what you people think of this. So far I have been using VMWare products for testing purposes. None of my VMs have been exposed to the Internet, at least not the ones that contain important data. However, our company recently bought a really fast server that we plan to use to host a few VMs including one for Web and FTP servers. The host OS will contain a superset of data that only a subset will be drag-and-drop into the Web and FTP servers running in VMs. Therefore our concern is people can hack through the VMs and have access to the info on the host OS. The host OS machine is part of the main network so if hackers can get through the VMs, they may have access to the other machines.
Anyone know of a website or even books that focus on running secured VMs? That is how to maximize "complete" isolation of VMs among themselves or between VMs and the underlining host OSes?
I kind of expected this when using bridged networking in VMware server...
My guess is that this has something to do with using the host interfaces / drivers and my further guess is, that this doesn't happen with Linux as the host OS - to be safe I'll try it.
Another guess is, that this does not happen in ESX - but again I'll try it.
Message was edited by:
I don't see any promises that there is no leakage in the official docs - so this might be by design
Virtualization doesn't mean that you don't need firewalls and a good network design.
You can still isolate the VMs using separate NICs or run them on top of ESX using different vSwitches.
Why hub? Why not make it a virtual switch? Hubs broadcast to everybody. This is done for a reason? Because it's a free product given that ESX (a paid product) offers virtual switches?
Yes, I'm wondering that too. Because for every fram a VM receives that it "shouldn't have" it is logged and tracked as dropped.
Is this a bug in the code or is it a setting somewhere?
Look at the situation here:
There's only traffic between VM2 and VM3 while the other ones are tracking these connections as dropped.