On Thu, 2004-04-15 at 08:23, [EMAIL PROTECTED] wrote: > My point being, once the attacker is in, the clock is > ticking on the whole kit-n-kaboodle getting hacked anyway. > So (reiterating) my sense is that VM technology does > not substantially improve security nor increase security > risks in and of itself.
I think if anything, the cost savings of using VM tech make it easier to implement better security in your VMs. Separation of roles, fine-tuning firewall rules, and persistent disks are tools to improve security. Those things can be done without using VM, but can cost more in terms of hardware. One big benefit is the ability to easily create staging, testing, or development versions of live servers. That allows more extensive testing with configurations that can very closely match live configs, which can help catch security-related problems. Disaster recovery is also much easier in a VM environment. When your hard drives are a file, then bare-metal recovery is trivial. If you even suspect a break-in, all you need to do is restore a VM's disk image from backup. New security patch out? Back up your image and apply the patch immediately--if the patch goes sour, you can easily go back to the previous state. For the cases that you were the victim of a break-in, it's easy to do forensics on the image file in your spare time, after bringing yourself back up. All in all, I agree that VM tech doesn't necessarily improve security on its own, but it does make it easier and more cost effective to follow more secure practices.
