On Tue, Nov 23, 2010 at 01:38:04PM +0100, carlopmart wrote:
> I will to know your opinion about using virtual firewalls in virtual
> infraestructures like vmware, kvm ,xen, etc (...) [What about]
> security?
Let me add one more reason to the ones already offered: there are *many*
side-channel attacks that can cross VM barriers. In other words, don't
do any sort of crypto (SSH, IPsec...) on virtualized machines, unless
you trust every VM on the same physical box.
I'm not online at the moment, but look at e.g. "Hey, You, Get Off of My
Cloud: Exploring Information Leakage in Third-Party Compute Clouds" by
Ristenpart, Tromer, Shacham and Savage for this kind of attack on
Amazon's VMs. There are many others.
Joachim
--
TFMotD: ipsec.conf (5) - IPsec configuration file
http://www.joachimschipper.nl/
