Re: OpenBSD firewalls as virtual machine ? | KernelTrap

Re: OpenBSD firewalls as virtual machine ?

view
thread

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

[view in full thread]

From: Darren Spruell <phatbuckett@...>

To: misc <misc@...>

Subject: Re: OpenBSD firewalls as virtual machine ?

Date: Friday, September 21, 2007 - 2:18 am

On 9/20/07, Nick Holland wrote:

quoted text

> > Can someone please inform me if this is a really bad idea or not,
> > ideally with some nice reasoning?
> >
> >
> > Cheers,
> > Josh
>
> Read this:
> http://advosys.ca/viewpoints/2007/04/fuzzing-virtual-machines/
> Read the paper linked there as well. Always good to go back to original
> source material.
>
> Anyone who told you VM technology and security had anything to do with
> each other was full of doo-doo.

I'll echo Nick's statements here. Virtualization does not provide
reliable enough segmentation to rely on for security assurance. Do not
buy into the market smack the vendors are putting out about it.

As far as that goes, the more time goes on, the weaker the assumption
of virtualized segmentation becomes. Research from IntelGuardians and
other groups appears to be coming closer to completely unraveling
virtualization security, at least in terms of how it's implemented in
VMware for example. See also CVE-2007-0061, CVE-2007-0062,
CVE-2007-0063, and CVE-2007-4496.

DS

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

OpenBSD firewalls as virtual machine ?, Josh, (Thu Sep 20, 9:09 pm)

Re: OpenBSD firewalls as virtual machine ?, Die Gestalt, (Mon Sep 24, 8:56 am)

Re: OpenBSD firewalls as virtual machine ?, David Gwynne, (Mon Sep 24, 7:59 am)

Re: OpenBSD firewalls as virtual machine ?, Eduardo Tongson, (Sat Sep 22, 11:12 pm)

Re: OpenBSD firewalls as virtual machine ?, Bryan Irvine, (Fri Sep 21, 7:09 pm)

Re: OpenBSD firewalls as virtual machine ?, Kent Watsen, (Fri Sep 21, 8:07 am)

Re: OpenBSD firewalls as virtual machine ?, Scott Wells, (Fri Sep 21, 9:19 am)

Re: OpenBSD firewalls as virtual machine ?, Douglas A. Tutty, (Fri Sep 21, 10:52 am)

Re: OpenBSD firewalls as virtual machine ?, , (Fri Sep 21, 11:12 pm)

Re: OpenBSD firewalls as virtual machine ?, Douglas A. Tutty, (Sat Sep 22, 12:36 am)

Re: OpenBSD firewalls as virtual machine ?, Nick Holland, (Sat Sep 22, 10:53 am)

Re: OpenBSD firewalls as virtual machine ?, Douglas A. Tutty, (Sat Sep 22, 11:36 am)

Re: OpenBSD firewalls as virtual machine ?, Luca Corti, (Fri Sep 21, 11:17 am)

Re: OpenBSD firewalls as virtual machine ?, Henning Brauer, (Sat Sep 22, 7:29 am)

Re: OpenBSD firewalls as virtual machine ?, bofh, (Fri Sep 21, 3:29 pm)

Re: OpenBSD firewalls as virtual machine ?, Luca Corti, (Fri Sep 21, 5:15 pm)

Re: OpenBSD firewalls as virtual machine ?, Stuart Henderson, (Fri Sep 21, 3:51 pm)

Re: OpenBSD firewalls as virtual machine ?, Luca Corti, (Fri Sep 21, 5:16 pm)

Re: OpenBSD firewalls as virtual machine ?, Claudio Jeker, (Fri Sep 21, 6:34 pm)

Re: OpenBSD firewalls as virtual machine ?, Luca Corti, (Fri Sep 21, 8:06 pm)

Re: OpenBSD firewalls as virtual machine ?, , (Sat Sep 22, 6:50 pm)

Re: OpenBSD firewalls as virtual machine ?, Luca Corti, (Sat Sep 22, 7:35 pm)

Re: OpenBSD firewalls as virtual machine ?, n0g0013, (Sat Sep 22, 8:12 pm)

Re: OpenBSD firewalls as virtual machine ?, Tony Sarendal, (Fri Sep 21, 7:10 pm)

Re: OpenBSD firewalls as virtual machine ?, Darren Spruell, (Fri Sep 21, 10:48 am)

Re: OpenBSD firewalls as virtual machine ?, Ted Unangst, (Fri Sep 21, 4:28 pm)

Re: OpenBSD firewalls as virtual machine ?, Craig Skinner, (Fri Sep 21, 11:09 am)

Re: OpenBSD firewalls as virtual machine ?, Tony Sarendal, (Fri Sep 21, 8:58 am)

Re: OpenBSD firewalls as virtual machine ?, Nick Holland, (Thu Sep 20, 9:52 pm)

Re: OpenBSD firewalls as virtual machine ?, Darren Spruell, (Sat Sep 22, 7:45 pm)

Re: OpenBSD firewalls as virtual machine ?, Darren Spruell, (Fri Sep 21, 2:18 am)

Re: OpenBSD firewalls as virtual machine ?, Craig Skinner, (Fri Sep 21, 4:03 am)

Re: OpenBSD firewalls as virtual machine ?, Jason Dixon, (Thu Sep 20, 9:35 pm)

Re: OpenBSD firewalls as virtual machine ?, bofh, (Thu Sep 20, 9:53 pm)

Re: OpenBSD firewalls as virtual machine ?, Jason Dixon, (Thu Sep 20, 10:15 pm)

Navigation

Popular discussions


linux-kernel:
Greg KH	[GIT PATCH] driver core patches against 2.6.24
debian developer	Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
Vu Pham	Re: [Scst-devel] Integration of SCST in the mainstream Linux kernel
Adrian Bunk	Re: Linux 2.6.21
git:

linux-netdev:
Gerrit Renker	[PATCH 15/37] dccp: Set per-connection CCIDs via socket options
Jarek Poplawski	[PATCH] pkt_sched: Destroy gen estimators under rtnl_lock().
Radu Rendec	Endianness problem with u32 classifier hash masks
Benjamin Herrenschmidt	[PATCH 0/11] ibm_newemac: Candidate patches for 2.6.25
openbsd-misc:

Colocation donated by:

Who's online

There are currently 1 user and 786 guests online.

Online users

janel105

Syndicate