On Thu, 21 May 2009, obiozorok...@yahoo.com wrote:

SNIP
I'll have to re-think this but I honestly thought (I guess I'm wrong) that if I had my first OpenBSD VM image running on ESXi as my strong firewall I would be ok. Basically it's just a virtualization of my physical environment but all on one box with 3 VM images. So my idea was to have a second OpenBSD image (not the firewall OpenBSD image) running with Samba as my Domain Controller and File server, and Email server, and then the third Windows VM running just the custom app. I figured that as long as all the 'Net traffic hit my first OpenBSD VM and was properly filtered and controlled by pf, spam greylisting, brute force checked, etc., I would be ok? No?
Yes, you could do this (please NOT on a Soekris) but your system won't be any more secure than the weakest link. We haven't really seen the exploits for ESX, yet. Virtualization is really cool; you could own the virtual hardware and the O/S would never know. It takes the issue related to binary blobs to a whole new level.

diana