L. V. Lammert wrote:
> At 05:12 PM 10/24/2007 +0200, Henning Brauer wrote:
>>* L. V. Lammert <[EMAIL PROTECTED]> [2007-10-24 16:46]:
>> > Virtualization provides near absolute security - DOM0 is not visible to
>> > the user at all, only passing network traffic and handling kernel calls.
>> > The security comes about in that each DOMU is totally isolated from
>> > the others, while the core DOM0 is isolated from any attacks.
>>
>>dream on.
>>that is what marketing wants to tell you.
>>in fact the isolation is incredibly poor.
>
> Sorry, the kernel hacking world is pretty far removed from 'enterprise
> reality' <not that it's a bad thing - I often wish it were that simple>!!
> In reality, there are tons of SMEs out there using MS Crap and other risky
> software! The few security risks you cite for XEN are negligible by
> comparison.

When all this crap/risky software is running on separate boxes, you only
have the network as an attack path to the other crap. This path is well
understood, and there are established policies, best practices, tools that
you can use to control and monitor your network.

Now, when you put all this crap onto the same hardware, you remove the
well known and trusted hardware from underneath the already crappy setups,
and introduce a (possibly crappy/unknown) software layer that claims to
provide isolation.

Advantages:
1. buzzword compliance
2. some 'cool features' like snapshots and migration
3. perhaps better utilize the (high performance/ultra expensive)
   hardware you just bought to gain 1 & 2.

Disadvantages:
1. isolation between the systems is in fact *reduced*
2. whole new attack paths through the VM system are introduced:
   you get access to the host OS, not necessarily through a guest,
   you compromise ALL guests.
3. A compromised guest could, at the very least cause stability
   problems and DoS affecting ALL the guests, at worst compromising
   the host OS.

> Anything we can do to increase security, *including* setting up VMs (of any
> flavor) is an improvement [that also increased hardware utilization].

You do not get security improvements out of using a VM system at all.
Look at the list above. This is *not* some kernel hackers' out of the
world scenario. This is just common sense and security best practices
that every enterprise should be aware of.

You do have some benefits in terms of management and flexibility,
and perhaps faster recovery. VMs are invaluable for development/testing.
But there is absolutely *no* security improvement at all. You may accept
the risks in favor of the benefits to your business, but do not claim
that you are actually improving the security.

Can