Router & web server on ESXi machine - is security a major issue b/c of sharing machin

[tankman1989]

I'm very hesitant to install a router and one of my servers on the same machine. IDK if this is just because I'm so used to this not being a standard practice, but to me it just seems questionable as to whether it is safe. I would think that it may be possibe for a machine sharing the same NIC to somehow spy on the other mahice using the same shared port.

Anyway, I need to setup some servers for testing and I'm wondering if it will be secure enough to put them all on the same machine (poweredge 2950).

What do you people think about this?

 

[+Eric]

I use ESXi and run pfSense in a VM. It doesn't worry me at all. Since it has two nics I use one for WAN side and then all LAN side stuff shares a single nic.

Does your server only have a single network port?

 

[green91]

I use PFSense and share a NIC for WAN and LAN, but using VLANs and VMNics with a managed switch. No real concern of vlan hopping.

 

[iroc409]

The easiest way to attack a virtual machine that I've seen publicized is via memory corruption. Machines with ECC RAM will be much less vulnerable to these sorts of attacks.

Otherwise, for the most part, I think it's pretty secure. Keep everything patched & updated, and be careful with your networking settings. I think most people provide a passthrough or dedicated vNIC for the external interface, which will also increase separation (just as +Eric mentions).

 

[MrGuvernment]

i would go the route of seperate NICS for WAN / LAN and as said ECC memory if this is a critical system with important info behind it.

 

[tankman1989]

Well that is all good news. It's ecc ram and I have 8 giga port NIC's so 2 for WAN, 4 for work & home LAN (2 teamed) & 2 teamed to a DMZ.

 

[MrGuvernment]

your good to go then!