At the logical level, who is responsible for layer two threats (VM or FW)? You are using a virtual machine and its network drivers, aren't you? I think it is clear that in this solution the health of the VM is vital for your network.
It seems you are concentrating and focusing only on network layer vulnerabilities, but your VM may be vulnerable to application layer attacks, even against local guest system users. For example, the VM may have a vulnerable web administration interface that can be a good starting point for your enemies! Eventually you have many guest systems on your VM, and your VM threats are not limited only to network layer threats. However, I think even in this situation your firewall should process and filter network traffic before the others (including the VM).

On Tue, Nov 23, 2010 at 6:45 PM, carlopmart <carlopm...@gmail.com> wrote:

> On 11/23/2010 04:03 PM, Stuart Henderson wrote:
>
>> On 2010-11-23, carlopmart <carlopm...@gmail.com> wrote:
>>
>>> Hi all,
>>>
>>> First of all, I don't want to start a flame. I would like to know your
>>> opinion about using virtual firewalls in virtual infrastructures like
>>> vmware, kvm, xen, etc ... like OpenBSD.
>>>
>>> Advantages are very clear for me: provisioning, administration tasks,
>>> etc ... But I would like to know the disadvantages. What is your opinion
>>> from the point of view of security?
>>>
>>> Thanks.
>>>
>>
>> How will you protect your management interface if the firewall is
>> virtualised?
>>
>
> At logical level or physical level?? At logical level I can configure a
> virtual bridge on this interface and apply firewall rules. Physically,
> impossible, obvious.
>
> --
> CL Martinez
> carlopmart {at} gmail {d0t} com

--
Gula_Gula =;=; BNF