Kevin Stam wrote:
> ... failed to satisfactorily explain why running a specific application
> in a VM is more secure than running it in a standard OS. It's nonsense that
> you think it's more secure that way. It saves a lot of money, yes -- you
> don't necessarily want a separate box just to run an application - but
> that's not the debate here. The debate is about security, and I'm amazed
> that you think a virtual environment is somehow more secure than a dedicated
> non-virtual environment...

Like I mentioned earlier, security has several contexts.  He could well
be talking about job security, if he's the only one who knows how it is
set up.

While probably the least, or at least one of the least, technically
skilled people here, I did spend a lot of time this spring reading up on
virtualization and paravirtualization.

*My* conclusion was that the main, and maybe only, place that
virtualization can help is in restoration after a compromise, assuming
one makes snapshots, etc.  That and maybe load balancing / resource
usage to help uptime.  Keeping people out, or data in?  Nah.  Probably
no more than spreading out over different architectures.

However, adding an extra layer otherwise made little sense and is
probably not more effective than sysjail or something like that.
Paravirtualization *might* help in some cases, since the guest OS must
be ported, but again the host is native and once you reach the host...

-Lars
