My analogies usually go to custard, but I'll try this one.
You are in charge of getting four ambassadors to a meeting.  As well

as making sure they are happy and fed, you are in charge of their

security.
All four are hated in their home countries and you know their are

people wanting to kill them.
Some of your choices:
1. One car per ambassador.  If one gets taken out, at least three are

still OK (guess you would still be out of a job, though - so not a

perfect analogy.)  Obviously means four cars, four drivers, so more

expensive.  And more things to juggle.  And if you are very unlucky,

all four could still get taken out (but obviously means a lot of bad

guys being lucky.)  It takes four attacks to wipe you out.
2. All four in one car.  If any assassin tries to take out an

ambassador, chances are the rest are toast as well.  But only one

car / one driver - so less expensive.  It takes one attack to wipe

you out.
3. All four in one car - but you start to worry about the risk, so

you start adding stuff to the car.  Bigger engine, stronger body, try

and partition off the passengers, give them body armour, have a spare

driver, get the driver to drive randomly - lot more complexity and

things to juggle.  Unless you and the car builder are very good (did

you think of EVERYTHING?  What exactly did the car builder DO under

the bonnet - do you know?) - one attack will still wipe you out.
Which of these options is "most secure"?  (Sending them with Arnie in

his Hummer isn't an option.)
Now I'll send this and then think of how the analogy falls apart ... 8-)
On 25/10/2007, at 7:14 PM, Lars Noodin wrote:
> Kevin Stam wrote:

quoted text
>> ... failed to satisfactorily explain why running a specific

>> application

>> in a VM is more secure then running it in a standard OS. It's

>> nonsense that

>> you think it's more secure that way. It saves a lot of money, yes

>> -- you

>> don't necessarily want a separate box just to run an application -

>> but

>> that's not the debate here. The debate is about security, and I'm

>> amazed

>> that you think a virtual environment is somehow more secure then a

>> dedicated

>> non-virtual environment...

>

> Like I mentioned earlier, security has several contexts.  He could

> well

> be talking about job security, if he's the only one who knows how

> it is

> set up.

>

> While probably the least, or at least one of the least, technically

> skilled people here, I did spend a lot of time this spring reading

> up on

> virtualization and paravirtualization.

>

> *My* conclusion was that the main, and maybe only, place that

> virtualization can help is in restoration after a compromise, assuming

> one makes snapshots, etc.  That and maybe load balancing / resource

> usage to help uptime.  Keeping people out, or data in?  Nah.  Probably

> no more than spreading out over different architectures.

>

> However, adding an extra layer otherwise made little sense and is

> probably not more effective than sysjail or something like that.

> Paravirtualization, *might* help in some cases, since the guest os

> must

> be ported, but again the host is native and once you reach the host...

>

> -Lars