On 10/24/07, L. V. Lammert <lvl@omnitec.net> wrote:
This is called a "tangent." It has nothing to do with the reliable
security aspects of segmentation via virtualization.
The point you may try making here is that by segmenting your servers
into individual instances for each department, rather than having all
departments on a shared server, an attack against one department's
server doesn't affect the other. _In theory_, that's true. _In
reality_, this is only a surface assumption as without strong
segmentation at the network level to separate a compromised department
from another department, the attacker can compromise the other
departments' servers from the first one and have the same result.
Remember back 10-ish years ago when VLANs were being touted as the
ultimate network segmentation technology by marketers of managed
switches? And now everyone hopefully realizes that while VLANs
technically do offer network segmentation, it's really rudimentary and
cannot be relied on for truly reliable security due to various layer 2
attacks that subvert them? Or that if there's any communication
conduit that allows one to talk to the other, that can simply be
leveraged to subvert security? That simply segmenting networks with
VLANs can't be considered to fully isolate them? That when people
want solid assurance of isolating hosts they often still air gap them?
That is the point that VM-based segmentation is at right now.
This isn't supposed to be a remedial lesson on network architectures;
you're supposed to pick up the parallels to separation of
systems/applications via VM technology. VM based segmentation or
isolation (whichever buzzword you prefer ATM) is fine on the surface
level, but please stop acting as if it is a security measure. People
much smarter than $you are blowing that idea out of the water right
now.
http://www.intelguardians.com/ndss.pdf
http://www.pauldotcom.com/2007/08/27/pauldotcom_security_weekly_int_1.html
http://www.cutawaysecurity.com/blog/archives/170 (read Ed Skoudis'
comment on this post)
DS
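The post's argument (separate VMs per department contain nothing unless the network between them is also segmented, and any shared conduit collapses that segmentation) can be made concrete as a blast-radius calculation. The following is an added illustration written for this thread, not code from the poster or from any of the linked papers; the hosts, departments and the three allow-policies are constructed, and the reachability model is a plain directed graph over which hosts may open connections to which.

```python
"""Blast-radius model: which hosts an attacker who holds one VM can reach
under different network policies. Hosts, departments and policies are
constructed for illustration; this is not the poster's code."""
from collections import deque

# Constructed inventory: one VM per role per department, all on one hypervisor.
HOSTS = {
    "web-finance": "finance",
    "db-finance": "finance",
    "web-hr": "hr",
    "db-hr": "hr",
    "web-sales": "sales",
}


def build_reachability(hosts, allow):
    """allow(src, dst) -> bool says whether src may open a connection to dst.
    Returns a directed adjacency dict of the conduits a compromised host
    could use for lateral movement."""
    return {s: {d for d in hosts if d != s and allow(s, d)} for s in hosts}


def blast_radius(graph, start):
    """Breadth-first search: every host reachable from an initially
    compromised host, following only the network conduits that exist."""
    seen = {start}
    queue = deque([start])
    while queue:
        cur = queue.popleft()
        for nxt in graph[cur]:
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen


def departments_reached(graph, start):
    """Departments whose servers fall inside the blast radius."""
    return {HOSTS[h] for h in blast_radius(graph, start)}


# Policy 1: separate VMs on a flat network. Every VM can talk to every other,
# so VM isolation alone contains nothing once one VM is popped.
def flat_network(src, dst):
    return True


# Policy 2: network-level segmentation. Traffic is only permitted between
# hosts of the same department (enforced by a firewall between segments).
def per_department(src, dst):
    return HOSTS[src] == HOSTS[dst]


# Policy 3: per-department segmentation plus one shared conduit that every
# department may reach and that may reach every department (constructed
# example of the cross-segment channel the post warns about).
SHARED_CONDUIT = {"web-sales"}


def per_department_with_shared(src, dst):
    return HOSTS[src] == HOSTS[dst] or dst in SHARED_CONDUIT or src in SHARED_CONDUIT


def compare_policies(start="web-finance"):
    """Blast radius from one compromised host under each policy."""
    policies = {
        "flat network": flat_network,
        "per-department segmentation": per_department,
        "per-department + shared conduit": per_department_with_shared,
    }
    return {
        name: sorted(blast_radius(build_reachability(HOSTS, allow), start))
        for name, allow in policies.items()
    }


if __name__ == "__main__":
    for name, reached in compare_policies().items():
        print(f"{name:32s} -> {reached}")
```

The third policy is the interesting one: the segmentation rules are correct for every department pair, yet a single shared host that is reachable from all segments and can reach all segments lets a compromise in finance walk into hr, which is exactly the "any communication conduit" objection in the post. Running the same model against a real rule set (exported firewall or hypervisor policy in place of the constructed `allow` functions) is a cheap way to check whether a VM-per-department design actually limits blast radius or merely looks like it does.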