On 7/26/06, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:

>From: Chris Brenton <[EMAIL PROTECTED]>
>On Mon, 2006-07-24 at 15:03 -0400, Ben Scott wrote:

I think the mainframe world is concerned with making the VMs
robust enough to endure unintentional abuse not malicious
intent.  Outside attackers are controlled at the perimeter,
long before they get to the mainframe.  The VMs are used for
keeping QA and devos isolated from production operations, and
there are enough esoteric auditing and access control
facilities to deter the applications developers from
attempting system hacking.  Good practice in large shops with
heavy iron includes separation of duties, so sys programmers
and app programmers are in different worlds, and never the
twain shall meet.

We're going to see more of this in the future with Xen, VMware, MS Virtual Server and Solaris Zones.  Intel is also adding features so more can be done in hardware rather than software.

I've been playing with VMware Server (free download) lately and it's quite interesting what can be done.  The demos I've seen of the Enterprise version are amazing.  It's worth going to a VMware seminar.
 

>At the recent SANS conference in DC Ed Skoudis & Mike Poor of
>IntelGuardians did a pretty cool talk on breaking out of VM's. Seems it's
>not as hard as people might think.
>

Most of the focus is on keeping people out, not in.  How many have *outgoing* firewall rules?

You can set up VMs to run as an unprivileged user.  How about a VM running inside a chroot jail?

Sounds interesting.  Were they talking about VMs as VMware or
did they encompass IBM mainframe os architectures as well?
I'm very very interested in knowing that!

And Xen and ....


A few years back, there was a bug in the MacOSX/Virtual PC combo on the Mac that could be exploited for escalation.
 

Thanks!

-Brucem
_______________________________________________
gnhlug-discuss mailing list
gnhlug-discuss@mail.gnhlug.org
http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss
