[c-nsp] Securing virtual networks
Higham, Josh
jhigham at epri.com
Thu Mar 13 17:16:52 EDT 2008
What methods are available for making sure that no traffic leaks between
virtual networks? I am looking at doing some sort of virtualization for
a small enterprise network (so no software-based provisioning) and want
to either prevent or detect misconfigurations.

If I restrict the address ranges I can use NetFlow and ACLs, but that
removes one of the benefits. This isn't a hostile environment, but
would include a guest network so malicious attacks are possible, along
with the obvious virus issues.

We have a collapsed core, so I would be using VLANs within the LAN, and
GRE tunnels across the WAN. We can't count on a typo breaking something
because some of the networks will be infrequently utilized. Any
suggestions?

Thanks,
Josh