Eric Shubert wrote: > Alex Dean wrote: > > > > On Apr 27, 2009, at 1:24 PM, Eric Shubert wrote: > > > >> Mark, > >> > >> I have a couple old e-machines that I made into IPCop firewall/routers, > >> and have been decommissioned for a while (they were virtualized). > > > > Do you mean you virtualized your firewall? > > Yep. > > > Doesn't that create a risk > > that other VMs on the same hardware host might be exposed to nasty stuff > > which arrives at the firewall? > > I don't think so. The VM host isn't addressable/accessible on the > outside/red interface. The only thing that 'sees' outside traffic is the > IPCop VM. > > I could be wrong, but it appears safe enough to me.
It is only as safe as VMware is secure. If code can break out of a VM and begin running on the host, all bets are off. As Ken Thompson pointed out in "Reflections on Trusting Truse", you already have to trust everyone who developed the hardware, firmware and software you are running. Running in a virtual machine instead of on bare hardware means you have to also trust the developers of the VM host (hypervisor) software. I'm not saying that it isn't worth it; I use VMs every day. -Dale --------------------------------------------------- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
