Need Advice on Routers

Stephen cryptworks at gmail.com
Tue Apr 28 10:33:41 MST 2009


And I still use an ASA for my network :-)


On 4/28/09, Dale Farnsworth <dale at farnsworth.org> wrote:
> Eric Shubert wrote:
>> Alex Dean wrote:
>> >
>> > On Apr 27, 2009, at 1:24 PM, Eric Shubert wrote:
>> >
>> >> Mark,
>> >>
>> >> I have a couple old e-machines that I made into IPCop firewall/routers,
>> >> and have been decommissioned for a while (they were virtualized).
>> >
>> > Do you mean you virtualized your firewall?
>>
>> Yep.
>>
>> > Doesn't that create a risk
>> > that other VMs on the same hardware host might be exposed to nasty stuff
>> > which arrives at the firewall?
>>
>> I don't think so. The VM host isn't addressable/accessible on the
>> outside/red interface. The only thing that 'sees' outside traffic is the
>> IPCop VM.
>>
>> I could be wrong, but it appears safe enough to me.
>
> It is only as safe as VMware is secure.  If code can break out of a
> VM and begin running on the host, all bets are off.
>
> As Ken Thompson pointed out in "Reflections on Trusting Trust", you
> already have to trust everyone who developed the hardware, firmware
> and software you are running.  Running in a virtual machine instead
> of on bare hardware means you have to also trust the developers of
> the VM host (hypervisor) software.
>
> I'm not saying that it isn't worth it; I use VMs every day.
>
> -Dale
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>

-- 
Sent from my mobile device

A mouse trap, placed on top of your alarm clock, will prevent you from
rolling over and going back to sleep after you hit the snooze button.

Stephen

