Rich Freeman on 15 Apr 2013 08:50:14 -0700


Re: [PLUG] Embedded 3-Port Firewall?

On Mon, Apr 15, 2013 at 11:41 AM, Lee H. Marzke <> wrote:
> Many large (say fortune 1000) companies run multiple security zones in their
> vmware clusters so there better not be a vmware guest escape exploit.

Well, lots of people (including fortune 1000 companies) depend on
their browser to not let Javascript code mess with stuff outside of
the sandbox, so there better never be a Javascript escape exploit.
That hasn't prevented such exploits from being discovered.

That said, hardware firewalls can be exploited as well - but the
environment is less complex which makes that harder.

> This avoids human mistakes in security rules for a move.

Yup, both dedicated hardware and virtual solutions have pros/cons -
security is about the weakest link, not the strongest one, and it is
the link you don't pay attention to that tends to get you.

The more I think about it the better the virtual firewall sounds, but
the fact that nobody has found an exploit in the current VMware
products does not mean that these flaws do not exist.  Either firewall
design is a trade-off.

