Virtualization and information security : a virtualized DMZ design consideration using VMware ESXi 4.1
Loading...
Supplementary material
Other Title
Authors
Singh, Shiv Raj
Author ORCID Profiles (clickable)
Degree
Master of Computing
Grantor
Unitec Institute of Technology
Date
2012
Supervisors
Sathu, Hira
Shukla, Ranjana
Shukla, Ranjana
Type
Masters Thesis
Ngā Upoko Tukutuku (Māori subject headings)
Keyword
virtualisation
virtual DMZ
information security
comparison
quantitative research
vulnerability assessment
virtual DMZ
information security
comparison
quantitative research
vulnerability assessment
ANZSRC Field of Research Code (2020)
Citation
Singh, S.R. (2012). Virtualization and information security: A virtualized DMZ design consideration using VMware ESXi 4.1. A thesis submitted in partial fulfilment of the requirements for the degree of Master of Computing, Unitec Institute of Technology, New Zealand.
Abstract
RESEARCH QUESTION:
Is it secure to implement DMZ in a virtual network infrastructure?
Sub-questions:
How can virtualized DMZs be implemented?
Which is the most secure type of virtual DMZ?
Which DMZ design is appropriate for a specific business requirement?
What impact will virtual DMZs have on information security in contrast to traditional DMZs?
What is to be avoided while deploying VMs in a DMZ?
Virtualization is one of the most widely used technologies in modern day information technology datacentres. Companies like VMware, Citrix, Microsoft and Red Hat have invested a lot of money and expertise into making virtualization available to small and medium sized organizations with budget constraints. The technology is now very easy and physically flexible to deploy. Virtualization is so flexible that even traditional physical DMZs (demilitarized zones) can now be virtualized. Three different ways of deploying virtual DMZs are investigated in this research and the level of security provided by virtualized DMZs was compared to the level of security of traditional physical DMZs.
Using VMware ESXi 4.1 as the hypervisor, a test bed was set up to determine which DMZ design was the most secure, whereas the DMZs represented a typical network of an organization. The test bed comprised domain controllers, an email server, DNS server, DHCP server, database server, application server and a web server, running as virtual machines within VMware ESXi 4.1; and these servers were split across a production and a DMZ environment. A quantitative research methodology approach was used to collect data with the help of vulnerability assessment tools to determine which virtual DMZ design was practical in regards to security in information technology.
The results of the experiment indicate that each virtual DMZ design had an almost equal level of security and vulnerability. However, it was found that two virtual DMZ designs (design 2 and design 3), that leveraged less physical hardware resources were more secure than the traditional physical DMZ (deign 4). Level of security provided by the third virtual DMZ (design 1) was equally secure as the traditional physical DMZ. Further, an assessment of the above lead to the conclusion that various security elements; like firewalls and the inspection algorithms in the firewall, determine the level of security of a virtual DMZ. However, the requirement that virtual DMZs are more secure only where the configuration of these are considered to be made appropriately as in the physical set up of DMZs
Publisher
Permanent link
Link to ePress publication
DOI
Copyright holder
Author
Copyright notice
All rights reserved