|Thomas Delrue on 7 Nov 2017 10:17:58 -0800|
[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]
|Re: [PLUG] small business server virtualization?|
On 11/07/2017 11:54 AM, JP Vossen wrote: > On 11/07/2017 10:31 AM, Rich Kulawiec wrote: >> There is also some concern about security. I've kept this handy >> for a decade, as a pointed reminder to myself: >> >> "You are absolutely deluded, if not stupid, if you think that >> a worldwide collection of software engineers who can't write >> operating systems or applications without security holes, >> can then turn around and suddenly write virtualization layers >> without security holes." >> >> --- Theo De Raadt on the statement "Virtualization seems to have a >> lot of security benefits", firstname.lastname@example.org, October 23, 2007 >> >> Thus my approach, which is to presume that virtualization of all types >> can be an effective tool for resource management and similar tasks, but >> it can't be counted on as a security enforcement mechanism. > > I actually agree with Theo and you, but to be Devil's Advocate, > hypervisors are a whole HECK of a lot smaller & simpler than operating > systems or many apps. Complexity is the enemy of security, so simpler > is better. Thus I can argue that it's much more likely that most > hypervisors *will* be more secure and have fewer bugs than OS/apps > because they are much simpler and probably change somewhat less. I am somewhat with you on this one but the prize awarded for exploiting weaknesses in hypervisors and other virtualization technologies is significantly higher than just exploiting the OS: when you exploit the hypervisor, you have access to everything running on it, not just one instance of a thing. So in a way, you're adding to your attack surface by adding a virtualization technology, you're giving me one more thing I can try to attack and which you now need to manage/patch/etc.. Additionally, lack of proof is not proof of lack. While you are right that their *own* (!) attack surface is smaller, that doesn't mean that there aren't any gaping holes. And as mentioned before, you're not taking away/reducing total attack surface, you're just adding more attack surface. > So I think there's more middle ground than Theo implies. That said, I > personally don't trust virtualization for security, I use different > physical machines on different physical network segments for separation. You're bang on regarding not trusting virtualization to deliver onto you security because that's not really the problem it tries/should try/set out to try to solve. I'm with Rich on virtualization: virtualization is about resource allocation (i.e. *properly* maxing out your available cycles/ram/etc. before buying a new box) and nothing else.
Description: OpenPGP digital signature
___________________________________________________________________________ Philadelphia Linux Users Group -- http://www.phillylinux.org Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug