| Rich Freeman on 15 Apr 2013 08:50:14 -0700 |
[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]
| Re: [PLUG] Embedded 3-Port Firwall? |
On Mon, Apr 15, 2013 at 11:41 AM, Lee H. Marzke <lee@marzke.net> wrote: > Many large (say fortune 1000) companies run multiple security zones in their > vmware clusters so there better not be a vmware guest escape exploit. Well, lots of people (including fortune 1000 companies) depend on their browser to not let Javascript code mess with stuff outside of the sandbox, so there better never be a Javascript escape exploit. That hasn't prevented such exploits from being discovered. That said, hardware firewalls can be exploited as well - but the environment is less complex which makes that harder. > This avoids human mistakes in security rules for a move. Yup, both dedicated hardware and virtual solutions have pros/cons - security is about the weakest link, not the strongest one, and it is the link you don't pay attention to that tends to get you. The more I think about it the better the virtual firewall sounds, but the fact that nobody has found an exploit in the current VMWare products does not mean that these flaws do not exist. Either firewall design is a trade-off. Rich ___________________________________________________________________________ Philadelphia Linux Users Group -- http://www.phillylinux.org Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug