--- Tim Fournet <[EMAIL PROTECTED]> wrote:
> Dustin Puryear wrote
>
> >Bad:
> >
> >An attacker could potentially break out of the VM
> and take over the entire
> >server. This would allow him to compromise all of
> the virtual servers.
> >Basically, using VM could mean putting all of your
> eggs in one basket.
> >
> >
> How? From what I've seen, the guest OS doesn't even
> know it's not on a
> real computer. The closest danger I could see would
> be if the guest OS
> gets compromised, the attacker could use the network
> transport to get to
> other machines, but that's no different than a
> physical box.
And couldn't you setup software firewalls between the
guest OS and the host OS anyway to further reduce the
risks? From what I remember of VMware you can.
Granted, you are putting a lot of faith into the
software publisher's product, especially if it is
closed source, that they are preventing buffer overrun
attacks and so on. Maybe a PEN test of various common
VMware configurations would make a good article ...
John Hebert
__________________________________
Do you Yahoo!?
Yahoo! Tax Center - File online by April 15th
http://taxes.yahoo.com/filing.html
