http://rationalsecurity.typepad.com/blog/2008/04/the-four-horsem.html
is a good intro to the issues of trying to make that scale.

________________________________
From: Adam Van Ornum [[email protected]]
Sent: 29 January 2009 00:30
To: [email protected]
Subject: RE: [pfSense-discussion] xen aware pfsense.

I think what he is saying is not having pfSense run as a domU guest, rather running it as the dom0 host. The idea being then that all of the virtual machines running in domU would therefore be protected by the pfSense dom0 host.

> Date: Wed, 28 Jan 2009 16:50:50 -0700
> From: [email protected]
> To: [email protected]
> Subject: Re: [pfSense-discussion] xen aware pfsense.
>
> On Wed, Jan 28, 2009 at 16:19, pfsense sense <[email protected]> wrote:
> > point taken but it wouldn't be "adding [file | virtual | foo] server
> > features" it would only be "pfsense --> VT"
> >
> > I'm no security expert, in any stretch of the imagination, I would have
> > expected that the suggested addition of a dom0 would/could be fully
> > protected, due to dom0 sitting behind pfsense, thus making the point of
> > security a moot point.
>
> You're being inconsistent, and that may be due to a language barrier.
> If I read this correctly, my first understanding of your original post
> may have been correct: you want to run pfSense as a domU guest.
>
> If that is the case, the point still stands that running a network
> security appliance as a virtualized guest is a bad idea, but there's
> nothing stopping you from doing it as long as your virtualization host
> supports HVM or unmodified guests. Xen-hvm, qemu+kqemu, kvm, VMWare,
> Parallels, and VirtualBox all do that.
>
> Throwing aside performance concerns, here's an example of one of the
> potential security hazards: your virtualized firewall system gets
> compromised. If the firewall is running on dedicated hardware, the
> attacker now has much wider (but still network-bound) access to your
> internal services. If running as a virtual guest, the attacker has
> the following additional choices:
> - DoS the other guests by consuming as much CPU/disk/memory as possible
> - Attack the host (dom0) or hypervisor directly, thereby gaining
>   higher-than-root access to all the rest of the guest systems.
> The reverse is also true - the virtual firewall may be attacked in
> much the same way.
>
> Having a hypervisor running underneath a guest OS does not make
> security a moot point; rather, it increases complexity and attack
> surfaces, effectively reducing security.
>
>
> RB
