>> If you're running on a virtual machine, a) you can't power-off with
>> impunity,
> 
> Of course you can. You can boot a VM off of read-only media as easily as you
> can a physical machine - although I have not had any luck using the large
> floppy image under VMWare server.

Why bother? I've never been able to run anything from anything bigger 
than 1440. Just write an ISO with whatever you want on there and use 
that for booting. If you use VMware Workstation or Player you could even 
use an IDE disk image configured for non-persistent writes.

>> b) a compromised firewall virtual machine has SUSE's full
>> toolset on an accessible hard drive 
> 
> It's not that simple.  This assumes (as does C) that there is an unknown
> attack vector exploitable from a compromised Leaf system, which the attacker
> knows about and has not been patched.  Simply breaking into virtual Leaf
> will not provide you with access to the host system.

I suppose there might be ways that a skilled hacker could break through 
once he's taken control of LEAF. He'd still need the tools for it though 
and with only the bare minimum available I fail to see where he'd get them.

>> c) you can never be entirely sure just how far the penetration got, so the
>> whole system is suspect! 
> 
> This argument is actually valid, especially in light of some past
> vulnerabilities.  

Meaning which?

> The decision to virtualize the firewall should be weighed against the
> potential for compromise of the firewall and the possibility that the hacker
> would then be able to determine that they were running in a VM (probably
> could) and using that compromised system, could then access the host.  I
> think that risk scenario is completely acceptable for most SOHO
> environments.

Having the pcnet module active is probably a dead giveaway for VM and 
otherwise it would likely be hard to believe one would actually have a 
physical machine with something like dual-core and just 32M or less. 
Using VMware however I have no reason for any other type of access than 
console, so in order to get access to the LEAF box one would first have 
to gain control over an internal machine capable of running VMware 
console. Essentially this would be the only reason for not using VM, 
being unable to force physical access only.

Gordon

------------------------------------------------------------------------
leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/
