In message <A683EE2D55D14244B72772B0A53B3A1B0135502CBFC6@ihcomm.ImageHawk.local> Mark Jones <[email protected]> was claimed to have written:
> Well, I hear of people running pfSense in a VM, and I wonder how do
> you avoid exposing the host OS to the network? Proper configuration?
> How can a firewall be run in a VM and not leave the host OS hanging out
> to be attacked?

I can't speak to VMWare's design limitations, but Hyper-V makes it trivial to bind the local machine's IP stack to one NIC, while Hyper-V guests are bound to one or more other interfaces. The attack surface is still marginally larger since the Hypervisor's virtual switch is a potential target, but this is reasonably tolerable. Crawling out of the guest environment and compromising the host isn't necessarily impossible, but by that point your firewall is already so thoroughly compromised that you've probably got bigger things to worry about.

> Yes, I agree that having a jabber server on the firewall is less secure
> than not having a jabber server, but I question it being less secure
> than having it on my internal server. If it is on the pfSense box and
> becomes compromised, the hacker will need pfSense skills to get any
> further, then they will need an additional set of skills to get at my
> primary servers. If I open the ports that the jabber server uses, then
> they have access to my primary servers via the jabber server software
> because the firewall is permitting connections into and out of the
> network on those ports.

If the Jabber service itself is compromised then no additional skills are needed to get out beyond what would be needed to get out of a standalone server. Sure, some basic OS skills will be useful, but being on pfSense is no better or worse than anything else here.

> If this analysis is wrong, please someone point out where it is wrong.
> This assumes that the jabber server only opens the ports for XMPP and
> nothing else, no management ports etc.....

There are a number of considerations.

To start with, many networks have more than "inside" and "outside"; your Jabber server doesn't necessarily need to have access to anything at all other than other Jabber servers (plus the ability to receive client connections from within the user-facing LAN). In this context, the firewall becomes the gatekeeper between each subnet/VLAN/LAN/whatever, and so is a far more attractive target.

Also consider, if your Jabber server only opens ports for XMPP and nothing else, and your firewall passes all traffic to those XMPP ports, what benefit do you receive from having a firewall at all vs putting the XMPP server completely outside your firewall?
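The Hyper-V layout described in the reply above (host IP stack on one NIC, firewall guest on the others) can be expressed and verified with the Hyper-V PowerShell module. The following is an added example for this thread, not something posted by the list members; the adapter names (NIC-WAN, NIC-LAN, NIC-MGMT), switch names and the VM name "pfSense" are assumptions.

```powershell
# Added example (not from the mailing-list post): keep the management OS off the
# NICs that the pfSense guest uses, so only the guest has a presence on the
# untrusted side. Adapter names, switch names and the VM name are assumptions.

# Internet-facing switch. -AllowManagementOS $false leaves the host's IP stack
# unbound from this NIC; the host gets no address and no listening sockets there.
New-VMSwitch -Name "vSwitch-WAN" -NetAdapterName "NIC-WAN" -AllowManagementOS $false

# Inside switch for the guests behind pfSense; the host stays off it as well.
New-VMSwitch -Name "vSwitch-LAN" -NetAdapterName "NIC-LAN" -AllowManagementOS $false

# The host keeps NIC-MGMT for its own management traffic. Deliberately no
# New-VMSwitch here: a NIC with no virtual switch is never reachable by a guest.

# Attach the firewall VM to both switches (one vNIC per side).
Add-VMNetworkAdapter -VMName "pfSense" -Name "WAN" -SwitchName "vSwitch-WAN"
Add-VMNetworkAdapter -VMName "pfSense" -Name "LAN" -SwitchName "vSwitch-LAN"

# Check 1: every external switch should report AllowManagementOS = False.
Get-VMSwitch |
    Select-Object Name, SwitchType, NetAdapterInterfaceDescription, AllowManagementOS

# Check 2: list the host-side (management OS) virtual adapters. Any entry here
# means the host has a foothold on that virtual switch; the intended result for
# this layout is an empty list.
Get-VMNetworkAdapter -ManagementOS

# Remediation if a switch was created with the default (management OS shared):
# flipping the setting removes the host's virtual adapter from that switch.
Set-VMSwitch -Name "vSwitch-WAN" -AllowManagementOS $false
```

The two checks are the part worth keeping in a build script: the poster's argument that the host is "not hanging out" on the network only holds while `AllowManagementOS` stays false on the WAN switch and no management-OS vNIC is attached to it, and both settings can be changed later from the Hyper-V Manager GUI without anyone noticing. The virtual switch itself remains in the host's kernel, which is the residual attack surface the reply acknowledges.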
