On Friday 22 Aug 2008 13:08, Raj Mathur wrote: > On Friday 22 Aug 2008, jtd wrote: > > [snip] > > Virtulization does not solve the security issue. Virtualization > > merely provides the ability to better utilise hardware and > > manpower. > > Virtualisation does solve /a/ security issue, namely that of > containing cracks into a limited environment. For instance, I'd > rather someone crack a virtual machine running HTTP through a > hypothetical Apache exploit (on a server with multiple virtual > machines running different applications) than the whole server > using the same exploit.
True, as you point out, for a very limited definition of true. In many (most?) cases exploiting a doze hole is all that is required to zombie all the other doze boxes connecting to the service. Comprising the entire host is not necessary, perhaps not even desirable. > > It's not a panacea, but it does help you improve security. On the > flip side are the costs of virtualisation, whether hardware, IP > addresses or management. Agreed. The OP might have realised the danger in trying to paper over deeply embedded architectural security issues. -- Rgds JTD -- http://mm.glug-bom.org/mailman/listinfo/linuxers
