[brlug-general] VMware security..
Dustin Puryear
dustin at puryear-it.com
Sun Sep 23 20:09:34 CDT 2007
Well, it's not NEW news per se. VM software has never been risk-free--no
software is. And as far as "between" VMs, well, there is a big VMware
market for software that acts as a sentry between VMs to watch for
problems and attacks. Funny, eh?
Didn't EMC or someone just buy one of those smaller VM security vendors
up? I think so.
--
Puryear Information Technology, LLC
Baton Rouge, LA * 225-706-8414
http://www.puryear-it.com
Author, "Best Practices for Managing Linux and UNIX Servers"
http://www.puryear-it.com/pubs/linux-unix-best-practices
Identity Management, LDAP, and Linux Integration
Fernando Vilas wrote:
> On Saturday 22 September 2007 21:15:00 Dustin Puryear wrote:
>> We push VMware, so this hits us too:
>>
>> http://www.forbes.com/security/2007/09/21/virtualization-software-security-tech-security_cx_ag_0921vmware.html
>>
>> How risky is putting all of your eggs into one basket?
>
> One of the main selling points of virtualization is the idea that a VM can't
> get to the host, so the host should never be at risk. We've been dealing
> with Solaris Containers (zones) a lot lately at work, and they market them
> the same way. Solaris Containers are based on the BSD jail model, and are
> Common Criteria certified to a pretty advanced level.
>
> What I found really interesting the last time I did a BIND upgrade was that
> the docs now say that on a Linux box, it is less secure to run named in a
> chroot jail than to let it run as a non-root user and load the capability
> kernel module so that it can drop privs when it doesn't need them. They
> claim that this is due to something in chroot jails not playing nice with
> named.
>
> To VMware's credit, their representative acknowledges that this is an issue
> with software in general and advises keeping up to date on the patches. I
> wonder how news like this will affect other virtualization platforms like Xen
> and KVM going forward.