>> If you're running on a virtual machine, a) you can't power-off with
>> impunity,
>
> Of course you can. You can boot a VM off of read only media as easily
> as you can a physical machine - although I have not had any luck using
> the large floppy image under VMware Server.

Why bother? I've never been able to run anything from anything bigger
than 1440. Just write an ISO with whatever you want on there and use
that for booting. If you use VMware Workstation or Player you could even
use an IDE disk image configured for non-persistent writes.

>> b) a compromised firewall virtual machine has SUSE's full toolset on
>> an accessible hard drive
>
> It's not that simple. This assumes (as does C) that there is an unknown
> attack vector exploitable from a compromised Leaf system, which the
> attacker knows about and has not been patched. Simply breaking into
> virtual Leaf will not provide you with access to the host system.

I suppose there might be ways that a skilled hacker could break through
once he's taken control of LEAF. He'd still need the tools for it though
and with only the bare minimum available I fail to see where he'd get
them.

>> c) you can never be entirely sure just how far the penetration got,
>> so the whole system is suspect!
>
> This argument is actually valid, especially in light of some past
> vulnerabilities.

Meaning which?

> The decision to virtualize the firewall should be weighed against the
> potential for compromise of the firewall and the possibility that the
> hacker would then be able to determine that they were running in a VM
> (probably could) and using that compromised system, could then access
> the host. I think that risk scenario is completely acceptable for most
> SOHO environments.

Having the pcnet module active is probably a dead giveaway for VM and
otherwise it would likely be hard to believe one would actually have a
physical machine with something like dual-core and just 32M or less.
Using VMware however I have no reason for any other type of access than
console, so in order to get access to the LEAF box one would first have
to gain control over an internal machine capable of running VMware
console. Essentially this would be the only reason for not using VM,
being unable to force physical access only.

Gordon
leaf-user mailing list: leaf-user lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/