JP Vossen on 7 Nov 2017 08:54:53 -0800


Re: [PLUG] small business server virtualization?


On 11/07/2017 10:31 AM, Rich Kulawiec wrote:
> There is also some concern about security.  I've kept this handy
> for a decade, as a pointed reminder to myself:
>
> 	"You are absolutely deluded, if not stupid, if you think that
> 	a worldwide collection of software engineers who can't write
> 	operating systems or applications without security holes,
> 	can then turn around and suddenly write virtualization layers
> 	without security holes."
>
>      --- Theo De Raadt on the statement "Virtualization seems to have a
>          lot of security benefits", misc@openbsd.org, October 23, 2007
>
> Thus my approach, which is to presume that virtualization of all types
> can be an effective tool for resource management and similar tasks, but
> it can't be counted on as a security enforcement mechanism.

I actually agree with Theo and you, but to be Devil's Advocate, hypervisors are a whole HECK of a lot smaller & simpler than operating systems or many apps. Complexity is the enemy of security, so simpler is better. Thus I can argue that it's much more likely that most hypervisors *will* be more secure and have fewer bugs than OS/apps because they are much simpler and probably change somewhat less.

So I think there's more middle ground than Theo implies. That said, I personally don't trust virtualization for security, I use different physical machines on different physical network segments for separation.

Later,
JP
--  -------------------------------------------------------------------
JP Vossen, CISSP | http://www.jpsdomain.org/ | http://bashcookbook.com/
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug