Virtualization and information security : a virtualized DMZ design consideration using VMware ESXi 4.1

Singh, Shiv Raj

Singh, Shiv Raj

View fulltext online

Shiv Raj Singh MComp.pdf (2.421Mb)

Date

2012

Citation:

Singh, S.R. (2012). Virtualization and information security: A virtualized DMZ design consideration using VMware ESXi 4.1. A thesis submitted in partial fulfilment of the requirements for the degree of Master of Computing, Unitec Institute of Technology, New Zealand.

Permanent link to Research Bank record:

https://hdl.handle.net/10652/2017

Abstract

RESEARCH QUESTION: Is it secure to implement DMZ in a virtual network infrastructure? Sub-questions:  How can virtualized DMZs be implemented?  Which is the most secure type of virtual DMZ?  Which DMZ design is appropriate for a specific business requirement?  What impact will virtual DMZs have on information security in contrast to traditional DMZs?  What is to be avoided while deploying VMs in a DMZ? Virtualization is one of the most widely used technologies in modern day information technology datacentres. Companies like VMware, Citrix, Microsoft and Red Hat have invested a lot of money and expertise into making virtualization available to small and medium sized organizations with budget constraints. The technology is now very easy and physically flexible to deploy. Virtualization is so flexible that even traditional physical DMZs (demilitarized zones) can now be virtualized. Three different ways of deploying virtual DMZs are investigated in this research and the level of security provided by virtualized DMZs was compared to the level of security of traditional physical DMZs. Using VMware ESXi 4.1 as the hypervisor, a test bed was set up to determine which DMZ design was the most secure, whereas the DMZs represented a typical network of an organization. The test bed comprised domain controllers, an email server, DNS server, DHCP server, database server, application server and a web server, running as virtual machines within VMware ESXi 4.1; and these servers were split across a production and a DMZ environment. A quantitative research methodology approach was used to collect data with the help of vulnerability assessment tools to determine which virtual DMZ design was practical in regards to security in information technology. The results of the experiment indicate that each virtual DMZ design had an almost equal level of security and vulnerability. However, it was found that two virtual DMZ designs (design 2 and design 3), that leveraged less physical hardware resources were more secure than the traditional physical DMZ (deign 4). Level of security provided by the third virtual DMZ (design 1) was equally secure as the traditional physical DMZ. Further, an assessment of the above lead to the conclusion that various security elements; like firewalls and the inspection algorithms in the firewall, determine the level of security of a virtual DMZ. However, the requirement that virtual DMZs are more secure only where the configuration of these are considered to be made appropriately as in the physical set up of DMZs

Keywords:

virtualisation, virtual DMZ, information security, comparison, quantitative research, vulnerability assessment

ANZSRC Field of Research:

080303 Computer System Security

Degree:

Master of Computing, Unitec Institute of Technology

Supervisors:

Sathu, Hira; Shukla, Ranjana

Rights:

This digital work is protected by copyright. It may be consulted by you, provided you comply with the provisions of the Act and the following conditions of use: Any use you make of these documents or images must be for research or private study purposes only, and you may not make them available to any other person. You will recognise the author's and publishers rights and give due acknowledgement where appropriate.

Metadata

Show detailed record

This item appears in

Computing Dissertations and Theses [88]