On Fri, 26 Nov 2010 17:50:13 +0100
Joachim Schipper wrote:
> Let me add one more reason to the ones already offered: there are *many*
> side-channel attacks that can cross VM barriers. In other words, don't
> do any sort of crypto (SSH, IPsec...) on virtualized machines, unless
> you trust every
On Tue, Nov 23, 2010 at 01:38:04PM +0100, carlopmart wrote:
> I will to know your opinion about using virtual firewalls in virtual
> infraestructures like vmware, kvm ,xen, etc (...) [What about]
> security?
Let me add one more reason to the ones already offered: there are *many*
side-channel atta
On 11/24/2010 02:36 PM, SJP Lists wrote:
On 24 November 2010 19:34, SJP Lists wrote:
On 24 November 2010 01:12, Brad Tilley wrote:
carlopmart wrote:
Advantages are very clear for me: provisioning, administration tasks,
etc ... But I will to know disadvantages. What is your opinion from th
On 24 November 2010 19:34, SJP Lists wrote:
> On 24 November 2010 01:12, Brad Tilley wrote:
>> carlopmart wrote:
>>
>>> Advantages are very clear for me: provisioning, administration tasks,
>>> etc ... But I will to know disadvantages. What is your opinion from the
>>> point of view of security?
On 24 November 2010 07:28, Brad Tilley wrote:
> Nick Holland wrote:
>
>> what's changed?
>> Layering? Nope.
>> Crappy programming? Nope.
>> Better hardware? not really.
>> Features-before-security? Nope.
>
> Good points. The goals of virtualization are, easy management, power
> savings, quick p
On 24 November 2010 01:12, Brad Tilley wrote:
> carlopmart wrote:
>
>> Advantages are very clear for me: provisioning, administration tasks,
>> etc ... But I will to know disadvantages. What is your opinion from the
>> point of view of security?
>
> I use virtualization for many things (mainly fo
On Tue, 2010-11-23 at 15:28 -0500, Brad Tilley wrote:
> Nick Holland wrote:
>
> > what's changed?
> > Layering? Nope.
> > Crappy programming? Nope.
> > Better hardware? not really.
> > Features-before-security? Nope.
>
> Good points. The goals of virtualization are, easy management, power
> sa
Nick Holland wrote:
> what's changed?
> Layering? Nope.
> Crappy programming? Nope.
> Better hardware? not really.
> Features-before-security? Nope.
Good points. The goals of virtualization are, easy management, power
savings, quick provisioning and deployment, redundancy, etc. When you
talk a
On 11/23/10 08:32, carlopmart wrote:
On 11/23/2010 02:30 PM, Timo Schoeler wrote:
...
http://kerneltrap.org/mailarchive/openbsd-misc/2007/10/24/352059
Yes, but this question is three years old and hypervisors have changed
Thanks.
what's changed?
Layering? Nope.
Crappy programming? No
On Tue, Nov 23, 2010 at 01:38:04PM +0100, carlopmart wrote:
>Hi all,
>
> First of all, I don't want to start a flame. I will to know your
>opinion about using virtual firewalls in virtual infraestructures
>like vmware, kvm ,xen, etc ... like OpenBSD.
>
> Advantages are very clear for me: provisioni
> Possibly, yes. Here's why. You're not attacking an OpenBSD host.
>
> The hypervisor has a network stack that is engaged before any guest.
> How else can you setup virtual switches, "attach interfaces", etc.
> Assuming that stack is vulnerable in some fashion, you have the
> opportunity to atta
* carlopmart [101123 08:44]:
> On 11/23/2010 02:33 PM, Jim Razmus wrote:
> >* carlopmart [101123 08:22]:
> >>On 11/23/2010 01:48 PM, carlopmart wrote:
> >>>On 11/23/2010 01:42 PM, Bret Lambert wrote:
> Because you're still relying on your host's network stack, you aren't
> actually firewa
At logical level who is responsible against layer two threats (vm or fw)?
You are using virtual machine and its network drivers aren't you?
I think it is so clear that in this solution health of VM is vital for
your network.
It seems you are concentrating and focus only about network layer
vulne
On 2010-11-23, at 6:38 AM, carlopmart wrote:
> Hi all,
>
> First of all, I don't want to start a flame. I will to know your opinion
about using virtual firewalls in virtual infraestructures like vmware, kvm
,xen, etc ... like OpenBSD.
>
> Advantages are very clear for me: provisioning, administrat
On 11/23/2010 04:03 PM, Stuart Henderson wrote:
On 2010-11-23, carlopmart wrote:
Hi all,
First of all, I don't want to start a flame. I will to know your opinion
about
using virtual firewalls in virtual infraestructures like vmware, kvm ,xen, etc
...
like OpenBSD.
Advantages are very
On 2010-11-23, carlopmart wrote:
> Hi all,
>
> First of all, I don't want to start a flame. I will to know your opinion
> about
> using virtual firewalls in virtual infraestructures like vmware, kvm ,xen,
> etc ...
> like OpenBSD.
>
> Advantages are very clear for me: provisioning, adminis
On 23/11/10 13:56, Bahador NazariFard wrote:
OK
You are right.
But you know in this case your security level is not higher than virtual
machine.
Because your security level in complex chained system is not higher than
weakest point.In fact you are accepting the risk of using virtual machine.
I th
carlopmart wrote:
> Advantages are very clear for me: provisioning, administration tasks,
> etc ... But I will to know disadvantages. What is your opinion from the
> point of view of security?
I use virtualization for many things (mainly for the productivity
advantages that you list), but it has
OK
You are right.
But you know in this case your security level is not higher than virtual
machine.
Because your security level in complex chained system is not higher than
weakest point.In fact you are accepting the risk of using virtual machine.
I think in this case if your virtual machine system
On Tue, Nov 23, 2010 at 1:38 PM, carlopmart wrote:
> Hi all,
>
> First of all, I don't want to start a flame. I will to know your opinion
> about using virtual firewalls in virtual infraestructures like vmware, kvm
> ,xen, etc ... like OpenBSD.
>
> Advantages are very clear for me: provisioning,
On 11/23/10 07:38, carlopmart wrote:
Hi all,
First of all, I don't want to start a flame. I will to know your
opinion about using virtual firewalls in virtual infraestructures like
vmware, kvm ,xen, etc ... like OpenBSD.
Advantages are very clear for me: provisioning, administration tasks,
On 11/23/2010 02:33 PM, Jim Razmus wrote:
* carlopmart [101123 08:22]:
On 11/23/2010 01:48 PM, carlopmart wrote:
On 11/23/2010 01:42 PM, Bret Lambert wrote:
Because you're still relying on your host's network stack, you aren't
actually firewalling it.
Uhmm .. I am not sure about this. For
On 11/23/2010 02:30 PM, Timo Schoeler wrote:
thus carlopmart spake:
On 11/23/2010 01:48 PM, carlopmart wrote:
On 11/23/2010 01:42 PM, Bret Lambert wrote:
Because you're still relying on your host's network stack, you aren't
actually firewalling it.
Uhmm .. I am not sure about this. For exam
* carlopmart [101123 08:22]:
> On 11/23/2010 01:48 PM, carlopmart wrote:
> >On 11/23/2010 01:42 PM, Bret Lambert wrote:
> >>Because you're still relying on your host's network stack, you aren't
> >>actually firewalling it.
> >>
> >
> >Uhmm .. I am not sure about this. For example: you can configur
On 11/23/2010 01:48 PM, carlopmart wrote:
On 11/23/2010 01:42 PM, Bret Lambert wrote:
Because you're still relying on your host's network stack, you aren't
actually firewalling it.
Uhmm .. I am not sure about this. For example: you can configure several virtual
bridges under a ESXi host and t
On 11/23/2010 01:42 PM, Bret Lambert wrote:
Because you're still relying on your host's network stack, you aren't
actually firewalling it.
Uhmm .. I am not sure about this. For example: you can configure several virtual
bridges under a ESXi host and then attach them to a virtual firewall like
26 matches
Mail list logo
