John Hebert <[EMAIL PROTECTED]> writes: > And couldn't you setup software firewalls between the > guest OS and the host OS anyway to further reduce the > risks? From what I remember of VMware you can. > > Granted, you are putting a lot of faith into the > software publisher's product, especially if it is > closed source, that they are preventing buffer overrun > attacks and so on. Maybe a PEN test of various common > VMware configurations would make a good article ...
My sense is that a VM machine is not substantially more risky than a physical machine in a network. Let's say you're running a service on a VM that an attacker is able to exploit and get a regular user shell. Once in he then runs a local exploit to get root privs on the VM box. Chances are, he's not aware it's a VM so rootkit is install and he starts scarfing up packets and running john the ripper on /etc/shadow. He finds a few account passwords, maybe some .ssh/identity files of shell users on the LAN, or sniffs some packets of uncrypted (telnet/ftp) logins. Thus he exploits perhaps the host box or other boxes on the LAN. Or he breaks into the VM box, figures out it's a VM box, runs a local exploit against the VM to gain access to the host, might have to elevate user privs through another exploit if VM isn't running with root privs. It's a shortcut to the first scenario but not much of one. My point being, once the attacker is in, the clock is ticking on the whole kit-n-kaboodle getting hacked anyway. So (reiterating) my sense is that VM technology does not substantially improve security nor increase security risks in and of itself. -- Scott Harney<[EMAIL PROTECTED]> "Asking the wrong questions is the leading cause of wrong answers" gpg key fingerprint=7125 0BD3 8EC4 08D7 321D CEE9 F024 7DA6 0BC7 94E5
