Kevin Stam wrote:
Like I mentioned earlier, security has several contexts. He could well
be talking about job security, if he's the only one who knows how it is
set up.
While probably the least, or at least one of the least, technically
skilled people here, I did spend a lot of time this spring reading up on
virtualization and paravirtualization.
*My* conclusion was that the main, and maybe only, place that
virtualization can help is in restoration after a compromise, assuming
one makes snapshots, etc. That and maybe load balancing / resource
usage to help uptime. Keeping people out, or data in? Nah. Probably
no more than spreading out over different architectures.
However, adding an extra layer otherwise made little sense and is
probably not more effective than sysjail or something like that.
Paravirtualization, *might* help in some cases, since the guest os must
be ported, but again the host is native and once you reach the host...
-Lars
| Andreas Gruenbacher | Re: [AppArmor 39/45] AppArmor: Profile loading and manipulation, pathname matching |
| Alan Cox | Re: [patch 7/8] fdmap v2 - implement sys_socket2 |
| Jens Axboe | Re: regression: CD burning (k3b) went broke |
| Paul E. McKenney | Re: [PATCH 0/24] make atomic_read() behave consistently across all architectures |
git: | |
| KOSAKI Motohiro | [bug?] tg3: Failed to load firmware "tigon/tg3_tso.bin" |
| David Miller | [GIT]: Networking |
| Alexey Dobriyan | [PATCH 09/33] netns ct: per-netns /proc/net/nf_conntrack, /proc/net/stat/nf_conntr... |
| Gerrit Renker | [PATCH 18/37] dccp: Support for Mandatory options |
