Re: Building a Practical Penetration Test Lab

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

From: SJP Lists

Subject: Re: Building a Practical Penetration Test Lab

Date: Sunday, November 14, 2010 - 12:20 am

On 13 November 2010 01:50, Chet Langin <clangin@siu.edu> wrote:
quoted text> -----Original Message-----
> <snip>
>>I have run OpenBSD in production on both VMWare server and ESXi.  It was
> the only machine >facing the Internet that the auditors had no findings on.
>>
>>--
>>
>>Edward Ahlsen-Girard
>>Ft Walton Beach, FL
>
>
>
> Which is good, but, then, it appears to me that  VMWare and ESXi become
> comparatively weak links in the setup.

True.  Based on the research performed by Tavis Ormandy at Google [1],
the weakest virtual machine can become an entry point to then be used
to subvert the host server or other adjacent virtual machines.

So it seems to me that security in a virtualized environment is
limited to the combination of the security of the least secure exposed
VM and the security of the host.

Exploit a vulnerable VM and then it's vulnerable host and you now own
all the VM's served by that host, including the OpenBSD ones.

If OpenBSD is not in control of ring zero, you lose.

Alas, sometimes we have no choice.

1. http://taviso.decsystem.org/virtsec.pdf

Shane

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

Re: Building a Practical Penetration Test Lab, Ed Ahlsen-Girard, (Fri Nov 12, 5:06 am)

Re: Building a Practical Penetration Test Lab, Chet Langin, (Fri Nov 12, 7:50 am)

Re: Building a Practical Penetration Test Lab, SJP Lists, (Sun Nov 14, 12:20 am)


linux-kernel:
Fortier,Vincent [Montreal]	2.6.21.5 june 30th to july 1st date hang?
Jeff Dike	[ PATCH 2/6 ] UML - Formatting fixes around os_{read_write}_file callers
Liam Girdwood	[PATCH 07/13] regulator: regulator test harness
Oleg Nesterov	Re: Getting the new RxRPC patches upstream
Stefan Seyfried	Re: 2.6.19-rc5: grub is much slower resuming from suspend-to-disk than in 2.6.18
linux-netdev:
Arnaud Ebalard	Re: [REGRESSION,BISECTED] MIPv6 support broken by f4f914b58019f0
Jan Engelhardt	Re: [PATCH iptables] extension: add xt_cpu match
Jarek Poplawski	Re: [PATCH] pkt_sched: Destroy gen estimators under rtnl_lock().
Sebastian Andrzej Siewior	[PATCH 8/8] net/emergency: remove locking from reycling pool if emergncy pools are...
David Miller	Re: [PATCH] qlcnic: dont assume NET_IP_ALIGN is 2
git:
Jakub Narebski	Re: git on MacOSX and files with decomposed utf-8 file names
Brandon Casey	Re: Thunderbird and patches (was Re: [PATCH v2] Enable setting attach as the def...
Christian Couder	[PATCH 1/3] rev-parse: add test script for "--verify"
Ramkumar Ramachandra	Re: [GSoC update] git-remote-svn: The final one
Junio C Hamano	Re: git-rm isn't the inverse action of git-add
openbsd-misc:
Joachim Schipper	Re: UVC Webcams
Florin Andrei	SOLVED [was: firewall is very slow, something's wrong]
Todd Alan Smith	Re: Microsoft gets the Most Secure Operating Systems award
Neal Hogan	Re: Need Advice: Thinkpad T60 or T61?
Sam Fourman Jr.	Re: Real men don't attack straw men
git-commits-head:
Linux Kernel Mailing List	ACPI: Disable ARB_DISABLE on platforms where it is not needed
Linux Kernel Mailing List	m68knommu: add read_barrier_depends() and irqs_disabled_flags()
Linux Kernel Mailing List	[MTD] Add mtd panic_write function pointer
Linux Kernel Mailing List	[ARM] pxa: remove duplicate select statements from Kconfig
Linux Kernel Mailing List	mlx4_core: Don't read reserved fields in mlx4_QUERY_ADAPTER()