On Tue, Dec 18, 2007 at 08:48:46PM +0100, ropers wrote:
quoted text
> The reason for the controversy appears to be that it's currently en
> vogue in some quarters (not here) to ascribe all kinds of benefits to
> virtualization, including security benefits -- which are very much not
> really there. Virtualization introduces more complexity, complexity is
> the enemy of real security. The "security benefits" that
> virtualization introduces are mostly administrative benefits that may
> make it easier to determine that your boxes were pwned by a sloppy
> attacker, but OpenBSD people prefer their boxes to be as pwnage-proof
> as humanely possible, ie. to make sure their boxes don't get pwned to
> start with. And that's much easier to do w/o virtualization. So
> whatever you do, don't cite security claims as reasons for
> OpenBSD/Xen, unless you fancy your OpenBSD "street cred" getting
> rather unceremoniously shredded into little itsy bitsy pieces.
> 
> Hope this helps, thanks and regards,
> --ropers
> 

just to give you a crazy example what people/vendors think is a
possible "security benefit":

some people have the idea to use virtualization on a central monster
firewall to segregate multiple departments on a single physical
device. this "firewall virtualization" feature is supported by
Cizzco-Eeeh and other vendors. this is just a scary useability feature
to give the admin the opportunity to offload some work to
customers/departments..

of course, it is a very bad idea from a security point of view; one
example of VM vulnerability was given by my early vic(4) driver which
caused segfaults of the GSX server host side.

i think it is much better, if not doing it correctly by using
distributed edge firewalls, to use pf anchors, tables, etc. to support
multiple firewall operators.

anyway, blah, there is a big controversy about VMs and Xen, but it
could be at least useful for things like testing, development, and
other edge cases.

reyk