Not sure since vmware instantiations communicate via ip addresses. So in theory a seperate IP address could be bound to it's own nic. The other question is if a tunnel ssl or vpn can be established from nic to the vm instance.
--- Michael J McCafferty <[EMAIL PROTECTED]> wrote: > Tony, > Good to know. I might be able to use that, > even in spite of > the fact that in this case the server admins are > diabolically opposed > to us security folk. We are a big pain in their > collective ass. They > are contractors to the customer, as are we. This > customer has > outsourced almost everything IT, and to countless > different > contractors. So, any communication and team spirit > between the > contractors is accidental. > If we asked them to bind the the VMs to > NICs they would > freak out that we were asking for them to install > NICs and complaint > that it's out of scope of their current contract to > set the server up > that way, etc, boo hoo. Am I sounding negative here > ? Even so, I > might be able to use your info there. > > Wouldn't the VM still be on the same > network and collision > domain as the host OS ? Can't I hack the host OS via > a successful > compromise of a guest OS, by way of a network attack > that leverages > the same physical LAN ? (ie: Man in the middle, > spoofing, packet > re-writing, snooping/sniffing, etc). I still haven't > had a chance to > bang around in the lab on this, but maybe soon. > > Mike > > At 12:52 PM 4/4/2006, you wrote: > >It's not any big deal configuring DMZs and other > "security zones." Would > >be if I was using MS Virtual Server or the VMWare > "VMWare Server" but > >with VMWare Workstation and VMWare ESX server, you > can define and > >specify entire virtual networks bound to specific > physical adapters. > > _______________________________________________ > sdw2003 mailing list > [EMAIL PROTECTED] > http://lists.mattware.com/mailman/listinfo/sdw2003 > -- [email protected] http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
