Re: OpenBSD firewalls as virtual machine ? | KernelTrap

Re: OpenBSD firewalls as virtual machine ?

view
thread

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

[view in full thread]

From: Nick Holland <nick@...>

To: misc <misc@...>

Subject: Re: OpenBSD firewalls as virtual machine ?

Date: Thursday, September 20, 2007 - 9:52 pm

Josh wrote:

quoted text

> Hello there.
>
> We have a bunch of obsd firewalls, 8 at the moment, all working nice and
> so forth. But we
> need to add about another 4 in there for new connections and networks,
> which means more
> machines to find room for.
>
> So basically I have been asked to investigate running all these
> firewalls in two big boxes, with lots
> of NIC's, with a bunch of openbsd vritual machines on them. One main box
> for the primary firewalls,
> one for the secondary. Each virtual machine getting its own physical NIC.
>
> Personally I dont really like the idea, I can see things going wrong,
> lots of stuff balancing on a
> guest os and box.
>
> Can someone please inform me if this is a really bad idea or not,
> ideally with some nice reasoning?
>
>
> Cheers,
> Josh

Read this:
http://advosys.ca/viewpoints/2007/04/fuzzing-virtual-machines/
Read the paper linked there as well. Always good to go back to original
source material.

Anyone who told you VM technology and security had anything to do with
each other was full of doo-doo.

After reading that, I'd not want to put any "externally exposed" apps on
a VM system. Granted, OpenBSD might not be the best entry point for a
VM attack, but the foundation VM design is based on isn't as solid as
people think.

Nick.

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

OpenBSD firewalls as virtual machine ?, Josh, (Thu Sep 20, 9:09 pm)

Re: OpenBSD firewalls as virtual machine ?, Die Gestalt, (Mon Sep 24, 8:56 am)

Re: OpenBSD firewalls as virtual machine ?, David Gwynne, (Mon Sep 24, 7:59 am)

Re: OpenBSD firewalls as virtual machine ?, Eduardo Tongson, (Sat Sep 22, 11:12 pm)

Re: OpenBSD firewalls as virtual machine ?, Bryan Irvine, (Fri Sep 21, 7:09 pm)

Re: OpenBSD firewalls as virtual machine ?, Kent Watsen, (Fri Sep 21, 8:07 am)

Re: OpenBSD firewalls as virtual machine ?, Scott Wells, (Fri Sep 21, 9:19 am)

Re: OpenBSD firewalls as virtual machine ?, Douglas A. Tutty, (Fri Sep 21, 10:52 am)

Re: OpenBSD firewalls as virtual machine ?, , (Fri Sep 21, 11:12 pm)

Re: OpenBSD firewalls as virtual machine ?, Douglas A. Tutty, (Sat Sep 22, 12:36 am)

Re: OpenBSD firewalls as virtual machine ?, Nick Holland, (Sat Sep 22, 10:53 am)

Re: OpenBSD firewalls as virtual machine ?, Douglas A. Tutty, (Sat Sep 22, 11:36 am)

Re: OpenBSD firewalls as virtual machine ?, Luca Corti, (Fri Sep 21, 11:17 am)

Re: OpenBSD firewalls as virtual machine ?, Henning Brauer, (Sat Sep 22, 7:29 am)

Re: OpenBSD firewalls as virtual machine ?, bofh, (Fri Sep 21, 3:29 pm)

Re: OpenBSD firewalls as virtual machine ?, Luca Corti, (Fri Sep 21, 5:15 pm)

Re: OpenBSD firewalls as virtual machine ?, Stuart Henderson, (Fri Sep 21, 3:51 pm)

Re: OpenBSD firewalls as virtual machine ?, Luca Corti, (Fri Sep 21, 5:16 pm)

Re: OpenBSD firewalls as virtual machine ?, Claudio Jeker, (Fri Sep 21, 6:34 pm)

Re: OpenBSD firewalls as virtual machine ?, Luca Corti, (Fri Sep 21, 8:06 pm)

Re: OpenBSD firewalls as virtual machine ?, , (Sat Sep 22, 6:50 pm)

Re: OpenBSD firewalls as virtual machine ?, Luca Corti, (Sat Sep 22, 7:35 pm)

Re: OpenBSD firewalls as virtual machine ?, n0g0013, (Sat Sep 22, 8:12 pm)

Re: OpenBSD firewalls as virtual machine ?, Tony Sarendal, (Fri Sep 21, 7:10 pm)

Re: OpenBSD firewalls as virtual machine ?, Darren Spruell, (Fri Sep 21, 10:48 am)

Re: OpenBSD firewalls as virtual machine ?, Ted Unangst, (Fri Sep 21, 4:28 pm)

Re: OpenBSD firewalls as virtual machine ?, Craig Skinner, (Fri Sep 21, 11:09 am)

Re: OpenBSD firewalls as virtual machine ?, Tony Sarendal, (Fri Sep 21, 8:58 am)

Re: OpenBSD firewalls as virtual machine ?, Nick Holland, (Thu Sep 20, 9:52 pm)

Re: OpenBSD firewalls as virtual machine ?, Darren Spruell, (Sat Sep 22, 7:45 pm)

Re: OpenBSD firewalls as virtual machine ?, Darren Spruell, (Fri Sep 21, 2:18 am)

Re: OpenBSD firewalls as virtual machine ?, Craig Skinner, (Fri Sep 21, 4:03 am)

Re: OpenBSD firewalls as virtual machine ?, Jason Dixon, (Thu Sep 20, 9:35 pm)

Re: OpenBSD firewalls as virtual machine ?, bofh, (Thu Sep 20, 9:53 pm)

Re: OpenBSD firewalls as virtual machine ?, Jason Dixon, (Thu Sep 20, 10:15 pm)

Navigation

Popular discussions


linux-kernel:
Andrew Morton	Re: Linux 2.6.21-rc4
Andrew Morton	-mm merge plans for 2.6.23
Greg KH	[GIT PATCH] driver core patches against 2.6.24
Balbir Singh	Re: [RFC][PATCH 2/7] RSS controller core
git:

linux-netdev:
Gerrit Renker	[PATCH 15/37] dccp: Set per-connection CCIDs via socket options
David Miller	[GIT]: Networking
Andreas Henriksson	[PATCH 06/12] Remove bogus reference to tc-filters(8) from tc(8) manpage.
Jarek Poplawski	Re: [PATCH] pkt_sched: Destroy gen estimators under rtnl_lock().
openbsd-misc:

Colocation donated by:

Who's online

There are currently 0 users and 868 guests online.

Syndicate