OK, you are right. But you know, in this case your security level is not higher than the virtual machine's, because your security level in a complex chained system is not higher than its weakest point. In fact you are accepting the risk of using a virtual machine. I think in this case, if your virtual machine system is not stronger than OpenBSD, you should not use it. If one can exploit the virtual machine, he/she can hurt your platform.
I think virtual systems are very, very useful, but they are not very good for a security box. I think the virtual machine is one of your assets that you should be able to protect, because it may have many guests and provide several services for your clients. For example, in this scenario you cannot protect your network, or even your firewall box, against a DoS or DDoS attack, because your virtual machine has to receive a lot of packets before your firewall does.

On Tue, Nov 23, 2010 at 4:47 PM, carlopmart <carlopm...@gmail.com> wrote:
> On 11/23/2010 01:48 PM, carlopmart wrote:
>
>> On 11/23/2010 01:42 PM, Bret Lambert wrote:
>>
>>> Because you're still relying on your host's network stack, you aren't
>>> actually firewalling it.
>>>
>>>
>> Uhmm .. I am not sure about this. For example: you can configure several virtual
>> bridges under an ESXi host and then attach them to a virtual firewall like OpenBSD.
>> If you configure some pf rules, you are doing firewalling ... In this case you have
>> all network stack except layer 1, correct??
>>
>
> And one more thing: with latest releases of hypervisors like ESXi and KVM
> (I don't know about xen), you can attach physical hardware to a specific
> guest, like network interfaces. Then, you have all network stack assigned to
> a virtual machine. Where are the disadvantages in scenarios like this??
>
> Thanks.
>
>
> --
> CL Martinez
> carlopmart {at} gmail {d0t} com
>
>

--
Gula_Gula
=;=;
BNF