On 10/24/07, L. V. Lammert <[EMAIL PROTECTED]> wrote:
> At 12:03 PM 10/24/2007 -0600, Theo de Raadt wrote:
>
> > > Anything we can do to increase security, *including* setting up VMs (of any
> > > flavor) is an improvement [that also increased hardware utilization].
> >
> >This last sentence is such a lie.
>
> That depends on your viewpoint. There certainly may be some issues at the
> OS level (which have been mentioned previously), however the majority of VM
> applications benefit from security *isolation*, which has nothing to do
> with security issues of the underlying OS, and that was the viewpoint I was
> communicating.
>
> For example, say you have three departments within a company: Marketing,
> Development, Production. Allowing each department to maintain their own
> server instance allows each department to have their own users, home
> directory configuration, samba (possibly) network config & authorization,
> separate file/print sharing domain, etc.

This is called a "tangent." It has nothing to do with the reliable
security aspects of segmentation via virtualization.

The point you may try making here is that by segmenting your servers
into individual instances for each department, rather than having all
departments on a shared server, an attack against one department's
server doesn't affect the other. _In theory_, that's true. _In
reality_, this is only a surface assumption as without strong
segmentation at the network level to separate a compromised department
from another department, the attacker can compromise the other
departments' servers from the first one and have the same result.

Remember back 10-ish years ago when VLANs were being touted as the
ultimate network segmentation technology by marketers of managed
switches? And now everyone hopefully realizes that while VLANs
technically do offer network segmentation, it's really rudimentary and
cannot be relied on for truly reliable security due to various layer 2
attacks that subvert them? Or that if there's any communication
conduits that allow one to talk to the other, that can simply be
leveraged to subvert security? That simply segmenting networks with
VLANs can't be considered to fully isolate them? That when people
want solid assurance of isolating hosts they often still air gap them?
That is the point that VM-based segmentation is at right now.

This isn't supposed to be a remedial lesson on network architectures;
you're supposed to pick up the parallels to separation of
systems/applications via VM technology. VM based segmentation or
isolation (whichever buzzword you prefer ATM) is fine on the surface
level, but please stop acting as if it is a security measure. People
much smarter than $you are blowing that idea out of the water right
now.

http://www.intelguardians.com/ndss.pdf
http://www.pauldotcom.com/2007/08/27/pauldotcom_security_weekly_int_1.html
http://www.cutawaysecurity.com/blog/archives/170 (read Ed Skoudis'
comment on this post)

DS
