On 2/28/07, Nick Holland <[EMAIL PROTECTED]> wrote: > > Guido Tschakert wrote: > ... > > Hi, > > yes finally you must go outside, this is done with the bridged > interface. > > The question is (I don't have the complete answer, but a strange > feeling): > > How secure is your windows with a network interface enabled and nothing > > on it configured. > > > > guido > > exactly. > This idea of using VMware (or similar) to host a firewall that > protects the host operating system is something I find somewhere > between amusing (because its silly) and scary (because it indicates > people don't really understand, and think that a "firewall" works > magic, and these people might be protecting our personal data). > > By the time a packet has made it to your VMware firewall, you have > gone through the host OS. You are assuming the host OS's network > support is secure. You are assuming the VMware virtualization code is > secure. You are assuming that the VM can't be compromised by an > exploited host OS.
> The vmware code runs as a set of processes on the Hosted OS so I really shouldn't have to say more. Add to this the fact that the .vmdk files which are your virtual disks ARE NOT encrypted and are writeable by anyone who has enough privs on the Host OS. Now when it comes to the ESX products Virtual Infrastructure , things are a little better out of the box but not much. The vmdk files and the vmx files usually reside on some type of datastore (SAN) as of now, theey are not encrypted. Become SANmaster by hook or by crook... well, you get the idea.
