On Tue, Dec 18, 2007 at 08:48:46PM +0100, ropers wrote:
> The reason for the controversy appears to be that it's currently en
> vogue in some quarters (not here) to ascribe all kinds of benefits to
> virtualization, including security benefits -- which are very much not
> really there. Virtualization introduces more complexity, complexity is
> the enemy of real security. The "security benefits" that
> virtualization introduces are mostly administrative benefits that may
> make it easier to determine that your boxes were pwned by a sloppy
> attacker, but OpenBSD people prefer their boxes to be as pwnage-proof
> as humanly possible, i.e. to make sure their boxes don't get pwned to
> start with. And that's much easier to do w/o virtualization. So
> whatever you do, don't cite security claims as reasons for
> OpenBSD/Xen, unless you fancy your OpenBSD "street cred" getting
> rather unceremoniously shredded into little itsy bitsy pieces.
>
> Hope this helps, thanks and regards,
> --ropers
>

just to give you a crazy example what people/vendors think is a possible "security benefit": some people have the idea to use virtualization on a central monster firewall to segregate multiple departments on a single physical device. this "firewall virtualization" feature is supported by Cizzco-Eeeh and other vendors. this is just a scary usability feature to give the admin the opportunity to offload some work to customers/departments..

of course, it is a very bad idea from a security point of view; one example of VM vulnerability was given by my early vic(4) driver which caused segfaults of the GSX server host side.

i think it is much better, if not doing it correctly by using distributed edge firewalls, to use pf anchors, tables, etc. to support multiple firewall operators.

anyway, blah, there is a big controversy about VMs and Xen, but it could be at least useful for things like testing, development, and other edge cases.

reyk
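
Added example, not part of the original message or of any OpenBSD-supplied configuration: one way the pf anchors-and-tables approach mentioned above can give each department operator a ruleset of their own on a single, non-virtualized firewall. The interface name, table and anchor names, file paths and addresses are all hypothetical, and how an operator is permitted to run `pfctl` on only their anchor (for example a restricted sudo rule) is assumed rather than shown.

```conf
# /etc/pf.conf -- edited by the main firewall administrator only.
# Interface, table names, anchor names and file paths are hypothetical.
ext_if = "em0"

# One table per department; membership is set by the main administrator.
table <dept_a> persist file "/etc/pf/dept_a.hosts"
table <dept_b> persist file "/etc/pf/dept_b.hosts"

set skip on lo
block all                       # default deny for everything
pass out on $ext_if             # outbound policy stays in the main ruleset

# Each anchor is evaluated only for inbound packets addressed to that
# department's table, so rules loaded into "dept_a" are never consulted
# for dept_b traffic, whatever the dept_a operator writes.
anchor "dept_a" in on $ext_if from any to <dept_a>
anchor "dept_b" in on $ext_if from any to <dept_b>

# Initial contents of each anchor; each file has its own operator.
load anchor "dept_a" from "/etc/pf/anchors/dept_a.conf"
load anchor "dept_b" from "/etc/pf/anchors/dept_b.conf"

# --- /etc/pf/anchors/dept_a.conf (maintained by the dept_a operator) ---
# pass in proto tcp from any to any port { 80 443 }
# pass in proto tcp from 192.0.2.0/24 to any port 22   # constructed address
#
# The operator reloads and inspects only this anchor, not the main ruleset:
#   pfctl -a dept_a -f /etc/pf/anchors/dept_a.conf
#   pfctl -a dept_a -s rules
```

The separation comes from the filter on each `anchor` line in the main ruleset, so that line and the table files are the parts to keep out of the departments' hands.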

