Thomas Delrue on 7 Nov 2017 10:17:58 -0800


Re: [PLUG] small business server virtualization?


On 11/07/2017 11:54 AM, JP Vossen wrote:
> On 11/07/2017 10:31 AM, Rich Kulawiec wrote:
>> There is also some concern about security.  I've kept this handy
>> for a decade, as a pointed reminder to myself:
>>
>>     "You are absolutely deluded, if not stupid, if you think that
>>     a worldwide collection of software engineers who can't write
>>     operating systems or applications without security holes,
>>     can then turn around and suddenly write virtualization layers
>>     without security holes."
>>
>>      --- Theo De Raadt on the statement "Virtualization seems to have a
>>          lot of security benefits", misc@openbsd.org, October 23, 2007
>>
>> Thus my approach, which is to presume that virtualization of all types
>> can be an effective tool for resource management and similar tasks, but
>> it can't be counted on as a security enforcement mechanism.
> 
> I actually agree with Theo and you, but to be Devil's Advocate,
> hypervisors are a whole HECK of a lot smaller & simpler than operating
> systems or many apps.  Complexity is the enemy of security, so simpler
> is better.  Thus I can argue that it's much more likely that most
> hypervisors *will* be more secure and have fewer bugs than OS/apps
> because they are much simpler and probably change somewhat less.

I am somewhat with you on this one but the prize awarded for exploiting
weaknesses in hypervisors and other virtualization technologies is
significantly higher than just exploiting the OS: when you exploit the
hypervisor, you have access to everything running on it, not just one
instance of a thing. So in a way, you're adding to your attack surface
by adding a virtualization technology; you're giving me one more thing I
can try to attack and which you now need to manage/patch/etc.

Additionally, lack of proof is not proof of lack. While you are right
that their *own* (!) attack surface is smaller, that doesn't mean that
there aren't any gaping holes. And as mentioned before, you're not
taking away/reducing total attack surface, you're just adding more
attack surface.

> So I think there's more middle ground than Theo implies.  That said, I
> personally don't trust virtualization for security, I use different
> physical machines on different physical network segments for separation.

You're bang on regarding not trusting virtualization to deliver onto you
security because that's not really the problem it tries/should try/set
out to try to solve.
I'm with Rich on virtualization: virtualization is about resource
allocation (i.e. *properly* maxing out your available cycles/ram/etc.
before buying a new box) and nothing else.

___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug