[
https://issues.apache.org/jira/browse/VCL-257?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Josh Thompson closed VCL-257.
-----------------------------
Resolution: Fixed
This is part of the architecture of VCL. vcld needs access to the VMs to be
able to manage them. Rather than disabling the private NIC, effort must be put
in to the design of the whole system to ensure that systems are safe against
attacks performed on the private network.
> Internal nic(eth1) may be used for a attack
> -------------------------------------------
>
> Key: VCL-257
> URL: https://issues.apache.org/jira/browse/VCL-257
> Project: VCL
> Issue Type: Bug
> Components: vcld (backend)
> Environment: vmware esxi
> Reporter: Xianqing Yu
>
> Vcld use internal network(eth1) to communicate with virtual machine which it
> just create, but VM internal nic will still function when user login. Some
> functions are disable like ifconfig. But user still can use command netstat
> -rn to find the kernel route table. And the user can use internal to attack
> other machines if VM is compromised. I think internal network nic should be
> close when user login into the VM.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
