I think what he is saying is not having pfSense run as a domU guest, rather
running it as the dom0 host. The idea being then that all of the virtual
machines running in domU would therefore be protected by the pfSense dom0 host.
> Date: Wed, 28 Jan 2009 16:50:50 -0700> From: [email protected]> To:
> [email protected]> Subject: Re: [pfSense-discussion] xen aware pfsense.>
> > On Wed, Jan 28, 2009 at 16:19, pfsense sense <[email protected]> wrote:>
> > point taken but it wouldn't be "adding [file | virtual | foo] server> >
> features" it would only be "pfsense --> VT"> >> > i'm no security expert, in
> any stretch of the imagination, I would have> > expected that the suggested
> addition of a dom0 would/could be fully> > protected, due to dom0 sitting
> behind pfsense, thus making the point of> > secuity a mut point.> > You're
> being inconsistent, and that may be due to a language barrier.> If I read
> this correctly, my first understanding of your original post> may have been
> correct: you want to run pfSense as a domU guest.> > If that is the case, the
> point still stands that running a network> security appliance as a
> virtualized guest is a bad idea, but there's> nothing stopping you from doing
> it as long as your virtualization host> supports HVM or unmodified guests.
> Xen-hvm, qemu+kqemu, kvm, VMWare,> Parallels, and VirtualBox all do that.> >
> Throwing aside performance concerns, here's an example of one of the>
> potential security hazards: your virtualized firewall system gets>
> compromised. If the firewall is running on dedicated hardware, the> attacker
> now has much wider (but still network-bound) access to your> internal
> services. If running as a virtual guest, the attacker has> the following
> additional choices:> - DoS the other guests by consumng as much
> CPU/disk/memory as possible> - Attack the host (dom0) or hypervisor directly,
> thereby gaining> higher-than-root access to all the rest of the guest
> systems.> The reverse is also true - the virtual firewall may be attacked in>
> much the same way.> > Having a hypervisor running underneath a guest OS does
> not make> security a moot point; rather, it increases complexity and attack>
> surfaces, effectively reducing security.> > > RB> >
> ---------------------------------------------------------------------> To
> unsubscribe, e-mail: [email protected]> For additional
> commands, e-mail: [email protected]> > Commercial support available
> - https://portal.pfsense.org>
_________________________________________________________________
Windows Live™ Hotmail®…more than just e-mail.
http://windowslive.com/howitworks?ocid=TXT_TAGLM_WL_t2_hm_justgotbetter_howitworks_012009
