Hi Gordon,

lots of people have responded since you wrote that mail - so most of what I was going to say has already been addressed - but I still feel the need to respond to two things.

Gordon Bos wrote:
> Whether it's stupid or not, that *is* what I'm doing at home.

Who said anything about "stupid"? You're the first to use that term. Whatever works for you is fine with me (and should be fine with the rest of the world, unless you're doing something incredibly stupid, which as far as I can tell, you're not doing).

> I'm simply
> not rich enough to run multiple physical servers and the house is also
> full enough the way it is.

I guess it's not a matter of being "rich" (dangerous term, because it's highly relative - just ask any person you consider "rich" - I'm sure they don't think they are...). In the good old (LRP) days, I ran my firewall on old computers that were no longer powerful enough to run the wonderful products from Redmond (I think the first one was an 80486-DX4), which cost nothing other than space and electricity. These days, I use WRAP and Soekris boxes, which aren't for free, but offer enough value that I'm willing to pay for them (especially the WRAP boxes, which IMHO are very reasonably priced). Where money doesn't matter as much (i.e. at work), we use Nexcom boxes, simply because they have a nice selection, and they fit nicely into a 19' rack.

> But I am curious. How would you go about on a virtual machine over which
> you gained control that would compromise the host?

I wouldn't, since breaking into other people's computers is not what I do these days.

But hypothetically, it should be possible, for example using a security flaw in VMWare (and history teaches us that no fixed security issue is ever too old to work, because people tend to be very bad at applying patches). For a relatively recent issue see http://www.heise-security.co.uk/news/96272 , where it specifically says "Attackers can exploit these vulnerabilities to, for example, break out of the guest system in the virtual machine". Yes, you need to break into the LEAF box first, but once one has done that, one is in a better position than if the LEAF box were a physical computer, since (assuming the aforementioned vulnerability is still present) it's relatively easy to break out of the VM and then have a "proper" computer at one's disposal.

To me, it comes down to the fact that the more software is involved, the more likely it is that there's a hidden security issue, that we don't know about yet, but that the "bad guys" are actively exploiting. Call me paranoid...

To look at things from a different angle - if I spend $200 for a Soekris or WRAP box (to pick some arbitrary amount - I don't know what the current prices are since I didn't need to buy anything from those companies lately), at least I know that a DOS against my firewall will not shut down everything else on my internal net. If all my servers run on the machine that's also the host for my firewall, it's at least possible that a DOS against the firewall will also affect the other virtual machines. If my firewall is on a different physical box, I might not be able to read my email (since none is coming through due to the DOS), but at least I can still work using my file server, database server, application server and so on. For the typical home user, that might not make a difference, but it does to me (which is why I don't run my firewall on a VM run on a host that's also hosting other things I need).

Don't get me wrong - I use VMs for all kinds of things, and I like the possibilities that "virtualizing" a server gives me (to me, it is especially great for testing, and for emulating the environment that will present itself at a customer's site, or for making sure that I don't need yet another physical server for yet another project), but for the connection to the internet, I prefer a physical box (or rather two, so the outer firewall can service the DMZ as well).

Does that mean that what you're doing is "stupid"? Surely not, as far as I'm concerned. But I don't think that installing LEAF on a VM should be suggested to a newbie, who seems to not fully have understood what LEAF actually is, either.

Martin
-------------------------------------------------------------------------
leaf-user mailing list: leaf-user lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/