> From: Matt Finnigan [mailto:[email protected]]
>
> That's not a very compelling argument. I've been at firms that deployed VM-based security devices and passed audits.

Well, like I said, I do it myself too. But from a security standpoint, if you had the option of running a firewall on dedicated hardware as opposed to a VM, the hypervisor and other guests on the same hardware can only introduce possible attack vectors. Not reduce them. I know I've certainly seen situations where memory of one VM crept into another VM, and stuff like that. So there *are* bugs that are potentially exploitable. Plus, no sane person could make a blanket statement that hypervisors are bug-free and un-exploitable. But if you're comfortable with the stability of any other VM running on that hypervisor, there's a good chance you'll also be comfortable with running the firewall in there. I know, for most cases, I am comfortable with that.
