Zones in a DMZ
807559 Sep 5 2008 — edited Oct 8 2008
I have a request to place a Solaris 10 machine into a publicly facing DMZ. It will contain multiple zones. Fine.
However, one non-global zone is being requested to be in the internal network, and the rest in the DMZ. I don't like this from a security point of view - though I'm not quite knowledgeable enough on Zones to articulate why, just deep distrust about breaking the traditional model of actual separation by firewall between the internal and external networks.
Could anybody point me to the Sun position on this? Or share your own ideas? I understand networking is still somewhat shared between zones and note some recent exploits that at least show proof of concept on obtaining access to other zones:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-240866-1
Many thanks!