I don’t mean to take us too far off course, but can you explain how “private 
VLAN” and “air gap” can coexist real quick?



From: Sean Hulbert <[email protected]>
Sent: Monday, June 5, 2023 10:07 AM
To: [email protected]
Subject: RE: SSH Connections --- VMWare Hosts

Hello Nick,
Thank you, I think I will agree to disagree.

Well, I did leave out all the security implemented; however, we did pass the 
FedRAMP MIL4 and HIPAA audits with our implementation.
Let's hope you are running a layer 7 firewall on your Edge and micro firewalls 
in front of the ingress endpoints, or it will be another tragic story on the 
news.

You want a Jump VM as a degree of separation in an isolated network, which 
can have internal MFA enabled on it, not just TOTP with Guac. By going from 
Guac to VMware you have no separation/segmentation. There is nothing wrong 
with having a standalone Windows server as a utility VM, or even a Linux system, 
using private VLANs to help air gap the connections.


Thank You
Sean Hulbert

Founder / CEO
Work Ph: 925.663.5565

Security Centric Inc.
A Cybersecurity Virtualization Enablement Company
StormCloud Gov, Protected CUI Environment!

FedRAMP MIL4 in process
System Award Management
CAGE: 8AUV4

AFCEA San Francisco Chapter President

If you have heard of a hacker by name, he/she has failed, fear the hacker you 
haven’t heard of!


igitur qui desiderat pacem, praeparet bellum!!!

Epitoma Rei Militaris

From: Nick Couchman [mailto:[email protected]]
Sent: Monday, June 5, 2023 9:34 AM
To: [email protected]
Subject: Re: SSH Connections --- VMWare Hosts



On Mon, Jun 5, 2023 at 12:32 PM Sean Hulbert <[email protected]> wrote:
It is fundamentally a bad idea to go directly to your HOST VMware server; you 
should use a jumper (utility) VM with connection to the Host on the backend, 
like Windows Server 2019 or 2022.


1) Guacamole _is_ the jump/utility VM.
2) In my estimation, it is a fundamentally bad idea to set up a Windows-based 
server just to log in to UNIX/Linux/ESX servers.

-Nick
