Saturday, May 2, 2009

Security Benefits of Virtualized Networks

There are some non-obvious benefits of virtual networks that can greatly affect the architecture used to secure them.
  • No node or route discovery protocols. The benefit is twofold. First, information about network reachability is intrinsic to the creation of the virtual network, so no discovery protocol needs to run, and there is none for an attacker to spoof. Second, there is no reason to allow hosts to modify this information; read-only copies are all that is necessary.
  • No Dynamic Trunking. By not supporting this feature, virtual networks protect against both misconfiguration and exploitation. Trunk membership is fixed by configuration rather than negotiated, so an external third party (of any kind) cannot modify vLAN trunking by sending negotiation frames, and cannot corrupt the virtual instantiation itself or the supporting virtual switches by rewriting the trunk structures.
  • No Native vLAN. This is very similar in effect to preventing dynamic trunks. A native vLAN is the mechanism through which untagged frames arriving on a trunk are assigned to a default (or native) vLAN, and it is what double-tagging (vLAN hopping) attacks rely on. Without one, a malicious host cannot drop untagged or double-tagged frames on a virtual segment and have them arrive at an unintended destination.
  • Virtual Switches do not share physical NICs. Each physical uplink belongs to exactly one virtual switch, which primarily prevents traffic from one switch (or vLAN) leaking to another.
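The two vLAN points above are easiest to see with a model. The Python below is added here as an illustration; it is not code from this post or from any vendor's virtual switch. It builds stacked 802.1Q tags by hand and runs a double-tagged frame through two simplified forwarding paths: a classic switch whose access port sits in the trunk's native vLAN, and a virtual switch port with a fixed vLAN, no native vLAN on the uplink and no trunk negotiation. The switch behaviour, the MAC addresses and the sample frames are all constructed assumptions for the demonstration.

```python
"""Toy model of 802.1Q tag handling: a classic switch with a native vLAN versus
the virtual-switch behaviour described above (fixed per-port vLAN, no native
vLAN on the uplink, no trunk negotiation). Simplified illustration only."""
import struct

ETHERTYPE_8021Q = 0x8100
ETHERTYPE_IPV4 = 0x0800
MAC_LEN = 12  # destination + source MAC

def build_frame(dst, src, payload, tags=()):
    """Ethernet frame with zero or more stacked 802.1Q tags, outermost first."""
    hdr = dst + src
    for vid in tags:
        hdr += struct.pack("!HH", ETHERTYPE_8021Q, vid & 0x0FFF)  # PCP/DEI = 0
    return hdr + struct.pack("!H", ETHERTYPE_IPV4) + payload

def outer_vid(frame):
    """VLAN ID of the outermost tag, or None if the frame is untagged."""
    if struct.unpack_from("!H", frame, MAC_LEN)[0] != ETHERTYPE_8021Q:
        return None
    return struct.unpack_from("!H", frame, MAC_LEN + 2)[0] & 0x0FFF

def push_tag(frame, vid):
    return frame[:MAC_LEN] + struct.pack("!HH", ETHERTYPE_8021Q, vid) + frame[MAC_LEN:]

def pop_tag(frame):
    return frame[:MAC_LEN] + frame[MAC_LEN + 4:]

# --- classic switch: access port, then an 802.1Q trunk with a native vLAN ---
def classic_access_ingress(frame, port_vlan):
    """Untagged frames join port_vlan; a frame already tagged with port_vlan is
    accepted and normalised (outer tag removed); any other tag is dropped."""
    vid = outer_vid(frame)
    if vid is None:
        return port_vlan, frame
    if vid == port_vlan:
        return port_vlan, pop_tag(frame)
    return None, None

def classic_trunk_egress(vlan, frame, native_vlan):
    """The native vLAN leaves the trunk untagged; every other vLAN is tagged."""
    return frame if vlan == native_vlan else push_tag(frame, vlan)

def classic_trunk_ingress(frame, native_vlan):
    """Untagged frames on a trunk are assumed to belong to the native vLAN."""
    vid = outer_vid(frame)
    return (native_vlan, frame) if vid is None else (vid, pop_tag(frame))

def classic_path(frame, host_vlan, native_vlan):
    """Host -> switch A access port -> trunk -> switch B; returns the vLAN the
    frame is delivered in on switch B, or None if dropped."""
    vlan, f = classic_access_ingress(frame, host_vlan)
    if vlan is None:
        return None
    return classic_trunk_ingress(classic_trunk_egress(vlan, f, native_vlan), native_vlan)[0]

# --- virtual switch as described above ---------------------------------------
def vswitch_port_ingress(frame, port_vlan):
    """Guest-facing port with a fixed vLAN: the guest may not supply its own
    802.1Q header, so tagged frames are dropped."""
    if outer_vid(frame) is not None:
        return None, None
    return port_vlan, frame

def vswitch_uplink_egress(vlan, frame):
    """No native vLAN: every frame leaving the uplink carries its tag."""
    return push_tag(frame, vlan)

def vswitch_path(frame, port_vlan, upstream_native_vlan):
    """Guest -> virtual switch port -> uplink -> physical switch B."""
    vlan, f = vswitch_port_ingress(frame, port_vlan)
    if vlan is None:
        return None
    return classic_trunk_ingress(vswitch_uplink_egress(vlan, f), upstream_native_vlan)[0]

# --- trunk negotiation --------------------------------------------------------
def resolve_port_mode(configured, peer_offers_trunk, honors_negotiation):
    """configured is 'access', 'trunk' or 'dynamic'. A switch that honours
    negotiation makes a 'dynamic' port a trunk when the neighbour (possibly an
    attacker's host) asks; one that ignores negotiation leaves it an access port."""
    if configured == "trunk":
        return "trunk"
    if configured == "dynamic" and honors_negotiation and peer_offers_trunk:
        return "trunk"
    return "access"

# Constructed sample: attacker sits in vLAN 10, which is also the trunk's native
# vLAN, and sends a double-tagged frame (outer 10, inner 20) aimed at vLAN 20.
ATTACKER_MAC = b"\x02\x00\x00\x00\x00\x01"
VICTIM_MAC = b"\x02\x00\x00\x00\x00\x02"
DOUBLE_TAGGED = build_frame(VICTIM_MAC, ATTACKER_MAC, b"hop", tags=(10, 20))
UNTAGGED = build_frame(VICTIM_MAC, ATTACKER_MAC, b"plain")

if __name__ == "__main__":
    print("classic, native 10 :", classic_path(DOUBLE_TAGGED, 10, 10))  # 20: hopped
    print("classic, native 99 :", classic_path(DOUBLE_TAGGED, 10, 99))  # 10
    print("virtual switch     :", vswitch_path(DOUBLE_TAGGED, 10, 10))  # None: dropped
    print("dynamic port, with / without negotiation:",
          resolve_port_mode("dynamic", True, True), resolve_port_mode("dynamic", True, False))
```

On the classic path the access port strips the outer tag (it matches the port's vLAN), the trunk sends vLAN 10 untagged because it is the native vLAN, and the next switch reads the surviving inner tag and delivers the frame in vLAN 20. The second classic line shows the usual physical-switch mitigation of moving the native vLAN to an unused ID; the virtual-switch path needs no such tuning because the guest-facing port refuses tagged frames outright and the uplink never sends anything untagged.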
