On Tue, Nov 23, 2010 at 01:38:04PM +0100, carlopmart wrote: > I will to know your opinion about using virtual firewalls in virtual > infraestructures like vmware, kvm ,xen, etc (...) [What about] > security?
Let me add one more reason to the ones already offered: there are *many* side-channel attacks that can cross VM barriers. In other words, don't do any sort of crypto (SSH, IPsec...) on virtualized machines, unless you trust every VM on the same physical box. I'm not online at the moment, but look at e.g. "Hey, You, Get Off of My Cloud: Exploring Information Leakage in Third-Party Compute Clouds" by Ristenpart, Tromer, Shacham and Savage for this kind of attack on Amazon's VMs. There are many others. Joachim -- TFMotD: ipsec.conf (5) - IPsec configuration file http://www.joachimschipper.nl/