1. OCAU Merchandise is available! Check out our 20th Anniversary Mugs, Classic Logo Shirts and much more! Discussion in this thread.
    Dismiss Notice

VMWare - configured in DMZ and protected network

Discussion in 'Business & Enterprise Computing' started by Kizz, Aug 2, 2010.

  1. Doc-of-FC

    Doc-of-FC Member

    Joined:
    Aug 30, 2001
    Messages:
    3,396
    Location:
    Canberra
    so true.

    simply put, X86 hardware aint IBM-Z and vmware aint LPAR.

    ESX 3.5 U4 only achieved EAL4+ on 9 FEB 2010.

    ESX 4 and ESXi 4 are both presently under evaluation.
     
  2. NuggetGTR

    NuggetGTR Member

    Joined:
    Aug 3, 2010
    Messages:
    10
    Location:
    Canberra
    well LPAR on IBM-Z is only EAL5

    and would pretty supprised if ESX4.1 isnt on the same level as that now, but will see i guess
     
  3. elvis

    elvis Old school old fool

    Joined:
    Jun 27, 2001
    Messages:
    46,644
    Location:
    Brisbane
    I'd be highly surprised if VMWare would ever get over EAL4. The software is utterly atrocious, and trying to get any sort of detailed system design documentation out of VMWare is nigh impossible.

    Given that even at version 4.1 there are still fundamental design flaws in VMWare (huge bugs at the network and SCSI levels still), I doubt the rest of the system is any better.
     
  4. Doc-of-FC

    Doc-of-FC Member

    Joined:
    Aug 30, 2001
    Messages:
    3,396
    Location:
    Canberra
    correct, it is only EAL5.

    but EAL5 indicates that security is a primary thought and control point in the development process, not a secondary or tertiary.

    4.1 was only just released, the time it takes to get an EAL rating from CC is a very expensive and long process.
     
  5. NuggetGTR

    NuggetGTR Member

    Joined:
    Aug 3, 2010
    Messages:
    10
    Location:
    Canberra
    Yeah well there is still another 2 levels after 5 so its not the top tier or anything. ;)

    and the funny thing is that most OS's that would be sitting on boxes within a DMZ are only EAL4 anyway infact I think all general purpose OS's are bar like 1.
     
  6. OP
    OP
    Kizz

    Kizz Member

    Joined:
    Aug 27, 2007
    Messages:
    299
    Excellent info, thanks Nugget, Elvis, Doc-of-E and again IACSecurity, really appreciate all of your inputs, this is exactly the info I was hoping to discover.

    A quick read of EAL and I see commonly used OS's are all around the EAL4 mark, same as VMWare. Out of interest, I looked up the specs of our firewalls, they are also EAL4. In fact, looking up Ciscos security product, they also topped out at EAL4+ according to this document -

    http://www.cisco.com/en/US/prod/col...ps6120/product_data_sheet0900aecd802930c5.pdf

    I'm just getting up to speed with this, but on the surface it would appear the commonly used firewalls are certified to the same level as VMWare?
     
  7. OP
    OP
    Kizz

    Kizz Member

    Joined:
    Aug 27, 2007
    Messages:
    299
    Thank you once again mate, will do some more reading up so i'm not so dangerous :)
     

Share This Page

Advertisement: