• Login
    View Item 
    •   Research Bank Home
    • Unitec Institute of Technology
    • Study Areas
    • Computing
    • Computing Dissertations and Theses
    • View Item
    •   Research Bank Home
    • Unitec Institute of Technology
    • Study Areas
    • Computing
    • Computing Dissertations and Theses
    • View Item
    JavaScript is disabled for your browser. Some features of this site may not work without it.

    Virtualization and information security : a virtualized DMZ design consideration using VMware ESXi 4.1

    Singh, Shiv Raj

    Thumbnail
    Share
    View fulltext online
    Shiv Raj Singh MComp.pdf (2.421Mb)
    Date
    2012
    Citation:
    Singh, S.R. (2012). Virtualization and information security: A virtualized DMZ design consideration using VMware ESXi 4.1. A thesis submitted in partial fulfilment of the requirements for the degree of Master of Computing, Unitec Institute of Technology, New Zealand.
    Permanent link to Research Bank record:
    https://hdl.handle.net/10652/2017
    Abstract
    RESEARCH QUESTION: Is it secure to implement DMZ in a virtual network infrastructure? Sub-questions:  How can virtualized DMZs be implemented?  Which is the most secure type of virtual DMZ?  Which DMZ design is appropriate for a specific business requirement?  What impact will virtual DMZs have on information security in contrast to traditional DMZs?  What is to be avoided while deploying VMs in a DMZ? Virtualization is one of the most widely used technologies in modern day information technology datacentres. Companies like VMware, Citrix, Microsoft and Red Hat have invested a lot of money and expertise into making virtualization available to small and medium sized organizations with budget constraints. The technology is now very easy and physically flexible to deploy. Virtualization is so flexible that even traditional physical DMZs (demilitarized zones) can now be virtualized. Three different ways of deploying virtual DMZs are investigated in this research and the level of security provided by virtualized DMZs was compared to the level of security of traditional physical DMZs. Using VMware ESXi 4.1 as the hypervisor, a test bed was set up to determine which DMZ design was the most secure, whereas the DMZs represented a typical network of an organization. The test bed comprised domain controllers, an email server, DNS server, DHCP server, database server, application server and a web server, running as virtual machines within VMware ESXi 4.1; and these servers were split across a production and a DMZ environment. A quantitative research methodology approach was used to collect data with the help of vulnerability assessment tools to determine which virtual DMZ design was practical in regards to security in information technology. The results of the experiment indicate that each virtual DMZ design had an almost equal level of security and vulnerability. However, it was found that two virtual DMZ designs (design 2 and design 3), that leveraged less physical hardware resources were more secure than the traditional physical DMZ (deign 4). Level of security provided by the third virtual DMZ (design 1) was equally secure as the traditional physical DMZ. Further, an assessment of the above lead to the conclusion that various security elements; like firewalls and the inspection algorithms in the firewall, determine the level of security of a virtual DMZ. However, the requirement that virtual DMZs are more secure only where the configuration of these are considered to be made appropriately as in the physical set up of DMZs
    Keywords:
    virtualisation, virtual DMZ, information security, comparison, quantitative research, vulnerability assessment
    ANZSRC Field of Research:
    080303 Computer System Security
    Degree:
    Master of Computing, Unitec Institute of Technology
    Supervisors:
    Sathu, Hira; Shukla, Ranjana
    Copyright Holder:
    Author

    Copyright Notice:
    All rights reserved
    Rights:
    This digital work is protected by copyright. It may be consulted by you, provided you comply with the provisions of the Act and the following conditions of use. These documents or images may be used for research or private study purposes. Whether they can be used for any other purpose depends upon the Copyright Notice above. You will recognise the author's and publishers rights and give due acknowledgement where appropriate.
    Metadata
    Show detailed record
    This item appears in
    • Computing Dissertations and Theses [90]

    Te Pūkenga

    Research Bank is part of Te Pūkenga - New Zealand Institute of Skills and Technology

    • About Te Pūkenga
    • Privacy Notice

    Copyright ©2022 Te Pūkenga

    Usage

    Downloads, last 12 months
    158
     
     

    Usage Statistics

    For this itemFor the Research Bank

    Share

    About

    About Research BankContact us

    Help for authors  

    How to add research

    Register for updates  

    LoginRegister

    Browse Research Bank  

    EverywhereInstitutionsStudy AreaAuthorDateSubjectTitleType of researchSupervisorCollaboratorThis CollectionStudy AreaAuthorDateSubjectTitleType of researchSupervisorCollaborator

    Te Pūkenga

    Research Bank is part of Te Pūkenga - New Zealand Institute of Skills and Technology

    • About Te Pūkenga
    • Privacy Notice

    Copyright ©2022 Te Pūkenga