On Wed, Jan 28, 2009 at 16:19, pfsense sense <[email protected]> wrote: > point taken but it wouldn't be "adding [file | virtual | foo] server > features" it would only be "pfsense --> VT" > > i'm no security expert, in any stretch of the imagination, I would have > expected that the suggested addition of a dom0 would/could be fully > protected, due to dom0 sitting behind pfsense, thus making the point of > secuity a mut point.
You're being inconsistent, and that may be due to a language barrier. If I read this correctly, my first understanding of your original post may have been correct: you want to run pfSense as a domU guest. If that is the case, the point still stands that running a network security appliance as a virtualized guest is a bad idea, but there's nothing stopping you from doing it as long as your virtualization host supports HVM or unmodified guests. Xen-hvm, qemu+kqemu, kvm, VMWare, Parallels, and VirtualBox all do that. Throwing aside performance concerns, here's an example of one of the potential security hazards: your virtualized firewall system gets compromised. If the firewall is running on dedicated hardware, the attacker now has much wider (but still network-bound) access to your internal services. If running as a virtual guest, the attacker has the following additional choices: - DoS the other guests by consumng as much CPU/disk/memory as possible - Attack the host (dom0) or hypervisor directly, thereby gaining higher-than-root access to all the rest of the guest systems. The reverse is also true - the virtual firewall may be attacked in much the same way. Having a hypervisor running underneath a guest OS does not make security a moot point; rather, it increases complexity and attack surfaces, effectively reducing security. RB --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected] Commercial support available - https://portal.pfsense.org
