And I still use an ASA for my network :-)
On 4/28/09, Dale Farnsworth <dale@farnsworth.org> wrote:
> Eric Shubert wrote:
>> Alex Dean wrote:
>> >
>> > On Apr 27, 2009, at 1:24 PM, Eric Shubert wrote:
>> >
>> >> Mark,
>> >>
>> >> I have a couple old e-machines that I made into IPCop firewall/routers,
>> >> and have been decommissioned for a while (they were virtualized).
>> >
>> > Do you mean you virtualized your firewall?
>>
>> Yep.
>>
>> > Doesn't that create a risk that other VMs on the same hardware host
>> > might be exposed to nasty stuff which arrives at the firewall?
>>
>> I don't think so. The VM host isn't addressable/accessible on the
>> outside/red interface. The only thing that 'sees' outside traffic is the
>> IPCop VM.
>>
>> I could be wrong, but it appears safe enough to me.
>
> It is only as safe as VMware is secure. If code can break out of a
> VM and begin running on the host, all bets are off.
>
> As Ken Thompson pointed out in "Reflections on Trusting Trust", you
> already have to trust everyone who developed the hardware, firmware
> and software you are running. Running in a virtual machine instead
> of on bare hardware means you have to also trust the developers of
> the VM host (hypervisor) software.
>
> I'm not saying that it isn't worth it; I use VMs every day.
>
> -Dale
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>
--
Sent from my mobile device
A mouse trap, placed on top of your alarm clock, will prevent you from
rolling over and going back to sleep after you hit the snooze button.
Stephen