My analogies usually go to custard, but I'll try this one.
You are in charge of getting four ambassadors to a meeting. As well
as making sure they are happy and fed, you are in charge of their
security.
All four are hated in their home countries and you know there are
people wanting to kill them.
Some of your choices:
1. One car per ambassador. If one gets taken out, at least three are
still OK (guess you would still be out of a job, though - so not a
perfect analogy.) Obviously means four cars, four drivers, so more
expensive. And more things to juggle. And if you are very unlucky,
all four could still get taken out (but obviously means a lot of bad
guys being lucky.) It takes four attacks to wipe you out.
2. All four in one car. If any assassin tries to take out an
ambassador, chances are the rest are toast as well. But only one
car / one driver - so less expensive. It takes one attack to wipe
you out.
3. All four in one car - but you start to worry about the risk, so
you start adding stuff to the car. Bigger engine, stronger body, try
and partition off the passengers, give them body armour, have a spare
driver, get the driver to drive randomly - lot more complexity and
things to juggle. Unless you and the car builder are very good (did
you think of EVERYTHING? What exactly did the car builder DO under
the bonnet - do you know?) - one attack will still wipe you out.
Which of these options is "most secure"? (Sending them with Arnie in
his Hummer isn't an option.)
Now I'll send this and then think of how the analogy falls apart ... 8-)
On 25/10/2007, at 7:14 PM, Lars Noodin wrote:
Kevin Stam wrote:
... failed to satisfactorily explain why running a specific application
in a VM is more secure than running it in a standard OS. It's nonsense that
you think it's more secure that way. It saves a lot of money, yes -- you
don't necessarily want a separate box just to run an application - but
that's not the debate here. The debate is about security, and I'm amazed
that you think a virtual environment is somehow more secure than a dedicated
non-virtual environment...
Like I mentioned earlier, security has several contexts. He could well
be talking about job security, if he's the only one who knows how it is
set up.
While probably the least, or at least one of the least, technically
skilled people here, I did spend a lot of time this spring reading up on
virtualization and paravirtualization.
*My* conclusion was that the main, and maybe only, place that
virtualization can help is in restoration after a compromise, assuming
one makes snapshots, etc. That and maybe load balancing / resource
usage to help uptime. Keeping people out, or data in? Nah. Probably
no more than spreading out over different architectures.
However, adding an extra layer otherwise made little sense and is
probably not more effective than sysjail or something like that.
Paravirtualization *might* help in some cases, since the guest OS must
be ported, but again the host is native and once you reach the host...
-Lars