Re: OpenBSD firewalls as virtual machine ?

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

From: Darren Spruell

Subject: Re: OpenBSD firewalls as virtual machine ?

Date: Thursday, September 20, 2007 - 11:18 pm

On 9/20/07, Nick Holland <nick@holland-consulting.net> wrote:
quoted text> > Can someone please inform me if this is a really bad idea or not,
> > ideally with some nice reasoning?
> >
> >
> > Cheers,
> >     Josh
>
> Read this:
> http://advosys.ca/viewpoints/2007/04/fuzzing-virtual-machines/
> Read the paper linked there as well.  Always good to go back to original
> source material.
>
> Anyone who told you VM technology and security had anything to do with
> each other was full of doo-doo.

I'll echo Nick's statements here. Virtualization does not provide
reliable enough segmentation to rely on for security assurance. Do not
buy into the market smack the vendors are putting out about it.

As far as that goes, the more time goes on, the weaker the assumption
of virtualized segmentation becomes. Research from IntelGuardians and
other groups appears to be coming closer to completely unraveling
virtualization security, at least in terms of how it's implemented in
VMware for example. See also CVE-2007-0061, CVE-2007-0062,
CVE-2007-0063, and CVE-2007-4496.

DS

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

OpenBSD firewalls as virtual machine ?, Josh, (Thu Sep 20, 6:09 pm)

Re: OpenBSD firewalls as virtual machine ?, Jason Dixon, (Thu Sep 20, 6:35 pm)

Re: OpenBSD firewalls as virtual machine ?, Nick Holland, (Thu Sep 20, 6:52 pm)

Re: OpenBSD firewalls as virtual machine ?, bofh, (Thu Sep 20, 6:53 pm)

Re: OpenBSD firewalls as virtual machine ?, Jason Dixon, (Thu Sep 20, 7:15 pm)

Re: OpenBSD firewalls as virtual machine ?, Darren Spruell, (Thu Sep 20, 11:18 pm)

Re: OpenBSD firewalls as virtual machine ?, Craig Skinner, (Fri Sep 21, 1:03 am)

Re: OpenBSD firewalls as virtual machine ?, Kent Watsen, (Fri Sep 21, 5:07 am)

Re: OpenBSD firewalls as virtual machine ?, Tony Sarendal, (Fri Sep 21, 5:58 am)

Re: OpenBSD firewalls as virtual machine ?, Scott Wells, (Fri Sep 21, 6:19 am)

Re: OpenBSD firewalls as virtual machine ?, Darren Spruell, (Fri Sep 21, 7:48 am)

Re: OpenBSD firewalls as virtual machine ?, Douglas A. Tutty, (Fri Sep 21, 7:52 am)

Re: OpenBSD firewalls as virtual machine ?, Craig Skinner, (Fri Sep 21, 8:09 am)

Re: OpenBSD firewalls as virtual machine ?, Luca Corti, (Fri Sep 21, 8:17 am)

Re: OpenBSD firewalls as virtual machine ?, bofh, (Fri Sep 21, 12:29 pm)

Re: OpenBSD firewalls as virtual machine ?, Stuart Henderson, (Fri Sep 21, 12:51 pm)

Re: OpenBSD firewalls as virtual machine ?, Ted Unangst, (Fri Sep 21, 1:28 pm)

Re: OpenBSD firewalls as virtual machine ?, Luca Corti, (Fri Sep 21, 2:15 pm)

Re: OpenBSD firewalls as virtual machine ?, Luca Corti, (Fri Sep 21, 2:16 pm)

Re: OpenBSD firewalls as virtual machine ?, Claudio Jeker, (Fri Sep 21, 3:34 pm)

Re: OpenBSD firewalls as virtual machine ?, Bryan Irvine, (Fri Sep 21, 4:09 pm)

Re: OpenBSD firewalls as virtual machine ?, Tony Sarendal, (Fri Sep 21, 4:10 pm)

Re: OpenBSD firewalls as virtual machine ?, Luca Corti, (Fri Sep 21, 5:06 pm)

Re: OpenBSD firewalls as virtual machine ?, user, (Fri Sep 21, 8:12 pm)

Re: OpenBSD firewalls as virtual machine ?, Douglas A. Tutty, (Fri Sep 21, 9:36 pm)

Re: OpenBSD firewalls as virtual machine ?, Henning Brauer, (Sat Sep 22, 4:29 am)

Re: OpenBSD firewalls as virtual machine ?, Nick Holland, (Sat Sep 22, 7:53 am)

Re: OpenBSD firewalls as virtual machine ?, Douglas A. Tutty, (Sat Sep 22, 8:36 am)

Re: OpenBSD firewalls as virtual machine ?, ttw+bsd, (Sat Sep 22, 3:50 pm)

Re: OpenBSD firewalls as virtual machine ?, Luca Corti, (Sat Sep 22, 4:35 pm)

Re: OpenBSD firewalls as virtual machine ?, Darren Spruell, (Sat Sep 22, 4:45 pm)

Re: OpenBSD firewalls as virtual machine ?, n0g0013, (Sat Sep 22, 5:12 pm)

Re: OpenBSD firewalls as virtual machine ?, Eduardo Tongson, (Sat Sep 22, 8:12 pm)

Re: OpenBSD firewalls as virtual machine ?, David Gwynne, (Mon Sep 24, 4:59 am)

Re: OpenBSD firewalls as virtual machine ?, Die Gestalt, (Mon Sep 24, 5:56 am)


linux-kernel:
Greg Kroah-Hartman	[PATCH 041/196] kobject: add kobject_init_and_add function
Lukas Hejtmanek	Re: Another libata error related to OCZ SSD
Greg Kroah-Hartman	[PATCH 023/196] MCP_UCB1200: Convert from class_device to device
Florian Fainelli	Re: System clock runs too fast after 2.6.27 -> 2.6.28.1 upgrade
Christoph Lameter	[patch 1/4] mmu_notifier: Core code
git:
Johannes Schindelin	Re: [PATCH 1/2] Add strbuf_initf()
John Bito	[EGIT] Push to GitHub caused corruption
Jakub Narebski	Re: [PATCH 0/2] gitweb: patch view
Junio C Hamano	Re: [PATCH] When a remote is added but not fetched, tell the user.
Andy Parkins	Re: [RFC] Submodules in GIT
git-commits-head:
Linux Kernel Mailing List	ahci: Workaround HW bug for SB600/700 SATA controller PMP support
Linux Kernel Mailing List	V4L/DVB (11086): au0828: rename macro for currently non-function VBI support
Linux Kernel Mailing List	ceph: client types
Linux Kernel Mailing List	ceph: on-wire types
Linux Kernel Mailing List	crypto: chainiv - Use kcrypto_wq instead of keventd_wq
linux-netdev:
Andrew Morton	Re: [Bugme-new] [Bug 14969] New: b44: WOL does not work in suspended state
Giuseppe CAVALLARO	Re: [PATCH 03/13] stmmac: add the new Header file for stmmac platform data
Taku Izumi	[PATCH 3/3] ixgbe: add registers etc. printout code just before resetting adapters
Eric Dumazet	rps: some comments
Thomas Gleixner	Re: [RFC PATCH 02/12] On Tue, 23 Sep 2008, David Miller wrote:
openbsd-misc:
Stephan Andreas	problems with login after xlock in OpenBSD release 4.7
pmc	Make A Change. Alcoholism and Drug Addiction Treatment
ropers	Re: what exactly is enc0?
Fuad NAHDI	Re: What does your environment look like?
Matthew Szudzik	Typo on OpenBSD 4.4 CD Set