J.C. Roberts wrote:
As for the mentioned issue of encrypting the bus data, since you've got
the VLAN it is feasible, but if you've got an attacker inside the
switches of your datacenter, then you obviously have more important
problems.
Another scenario is that you get a compromised machine that has access
to this pool of resources. I don't have to compromise your switching, I
just have to compromise a host that uses this network. Given that
Windows hosts get to participate with this sort of thing, that's just a
matter of time.
Given that the security model relies on *VLANS* of all things to segment
network resources (from what little information is out there), one
compromised host could ruin your whole day, especially if the switch has
VLAN tagging vulnerabilities as well (which has happened more times than
I'd like to think about.)
-JCB
