At 09:46 PM 10/24/2007 -0400, you wrote:
> On 10/24/07, L. V. Lammert <[EMAIL PROTECTED]> wrote:
> > Sorry, it's YOU that missed the point! I never said or made any comparison
> > to physical machines - the entirety of what I said is:
> >
> > "Running services/application domains in VMs increases security." As I
> > said in a previous email, only an idiot would think that separate
> > physical machines would NOT increase security, and I give this crowd much
> > more credit than that so I did not bother to include such information.
> >
> > I still stand by my original statement. Running application 'domains' in
> > VMs instead of on a single server increases security.
>
> What you're saying appears to be:
> 1) 3 applications in one OS - less secure.
> 2) 3 applications in 3 physical servers - more secure
> 3) 3 applications in 3 virtual servers each running one OS - in
> between #1 and #2 for security

Yes, indeed!

> What the others are telling you is that you are wrong. While there is
> a continuum, is it closer to #1 or #2? I believe it is closer to #1.
> This is because nobody has done an independent security audit of the
> VMWare ESX platform. When we say something is more secure, we can
> show it in 2 ways - a track history, like OpenBSD, or some 3rd party
> verification, FIPS, Orange Book, certification, whatever. ESX's
> recent history is extremely damaging. Again, go look up all the
> advisories. Taking over a guest allows taking over a host?!?!?!
> Where is your "separation" again?!

The fact that #3 is more secure than #1 is the original hypothesis, at
least from an 'application domain' standpoint. Others diverted the
discussion to #2 which, while I assumed everyone would already accept this
as fact, still proved an excellent discussion.
The information about VMWare, itself, is also good information, though we
normally use XEN because most of the applications we build do not include
commercial s/w.
Lee