And I still use an ASA for my network :-)

On 4/28/09, Dale Farnsworth wrote:
> Eric Shubert wrote:
>> Alex Dean wrote:
>> >
>> > On Apr 27, 2009, at 1:24 PM, Eric Shubert wrote:
>> >
>> >> Mark,
>> >>
>> >> I have a couple old e-machines that I made into IPCop firewall/routers,
>> >> and have been decommissioned for a while (they were virtualized).
>> >
>> > Do you mean you virtualized your firewall?
>>
>> Yep.
>>
>> > Doesn't that create a risk
>> > that other VMs on the same hardware host might be exposed to nasty stuff
>> > which arrives at the firewall?
>>
>> I don't think so. The VM host isn't addressable/accessible on the
>> outside/red interface. The only thing that 'sees' outside traffic is the
>> IPCop VM.
>>
>> I could be wrong, but it appears safe enough to me.
>
> It is only as safe as VMware is secure. If code can break out of a
> VM and begin running on the host, all bets are off.
>
> As Ken Thompson pointed out in "Reflections on Trusting Trust", you
> already have to trust everyone who developed the hardware, firmware
> and software you are running. Running in a virtual machine instead
> of on bare hardware means you have to also trust the developers of
> the VM host (hypervisor) software.
>
> I'm not saying that it isn't worth it; I use VMs every day.
>
> -Dale
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>

--
Sent from my mobile device

A mouse trap, placed on top of your alarm clock, will prevent you from
rolling over and going back to sleep after you hit the snooze button.

Stephen