Re: Purpose of a hypervisor (was Re: rock solid)

From: Douglas Allan Tutty <dtutty@xxxxxxxxxxxxx>
Date: Thu, 5 Jul 2007 19:25:15 -0400

On Thu, Jul 05, 2007 at 08:43:34AM -0700, Andrew Sackville-West wrote:

On Tue, Jul 03, 2007 at 10:00:35PM -0400, Douglas Allan Tutty wrote:

On Tue, Jul 03, 2007 at 06:22:46PM -0500, Ron Johnson wrote:

On 07/03/07 13:25, Andrew Sackville-West wrote:

>

Dom0: local file server (video, music, local backups)
DomU1: firewall

I understand the need for a small, "separate" firewall.

Does this really give any more security than running the firewall as a
regular part of the main box? Is it as secure as a separate old
computer? These three (plus I suppose a commercial hardware firewall)
seem to be the choices. How do they compare for security?

I don't think there is anything wrong with a debian machine on the net
with its local firewall as the only thing protecting it. But I think
if you want anything more sophisticated, some sort of seperate device
is the way to go.

So what about a virtual box as a firewall? That virtual box may have
less on it but it exists in the same physical box as everything else.
Doesn't the virtualization mean that there is one more thing that could
have a vulnerability?

In general, I agree with you and with old boxes being free it makes
sense that once one has more than a couple of boxes to have a spare box
as a firewall.

Doug.

--
To UNSUBSCRIBE, email to debian-user-REQUEST@xxxxxxxxxxxxxxxx
with a subject of "unsubscribe". Trouble? Contact listmaster@xxxxxxxxxxxxxxxx

Follow-Ups:
- Re: Purpose of a hypervisor (was Re: rock solid)
  - From: Andrew Sackville-West

References:
- Re: rock solid
  - From: Andrew Sackville-West
- Re: rock solid
  - From: Kamaraju S Kusumanchi
- Re: rock solid
  - From: Andrew Sackville-West
- Purpose of a hypervisor (was Re: rock solid)
  - From: Ron Johnson
- Re: Purpose of a hypervisor (was Re: rock solid)
  - From: Andrew Sackville-West
- Re: Purpose of a hypervisor (was Re: rock solid)
  - From: Ron Johnson
- Re: Purpose of a hypervisor (was Re: rock solid)
  - From: Douglas Allan Tutty
- Re: Purpose of a hypervisor (was Re: rock solid)
  - From: Andrew Sackville-West

Prev by Date: Re: OT: knoppix memtest powers off after 35 mins
Next by Date: Re: ndiswrapper problem (solved)
Previous by thread: Re: Purpose of a hypervisor (was Re: rock solid)
Next by thread: Re: Purpose of a hypervisor (was Re: rock solid)
Index(es):
- Date
- Thread

Relevant Pages

[REVS] Bypassing Client Application Protection Techniques
... Get your security news from a reliable source. ... protection programs. ... * Kerio Personal Firewall 4.0 ... And we got actually nothing in the field of client application ...
(Securiteam)
Re: Recycler security issues on IIS server
... > latest upates to the server. ... > like to see the server put behind our firewall, ... other software, install all patches, IISlockdown, URLscan, use the correct ... the procedures you follow may vary depending on your security needs. ...
(microsoft.public.inetserver.iis.security)
Why hasnt Symantec addressed nastier Messenger spoofs
... Norton / Symantec has been silent on whether Norton Internet Security ... DSL firewall will stop these kinds of pop-ups. ... major ISPs and broadband systems. ...
(comp.security.misc)
Re:RE : suggestions on a good firewall
... Subject: RE: suggestions on a good firewall ... CheckPoint does! ... with a url-filtering server. ... IT Technical Security Officer ...
(Security-Basics)
Re: Service pack 2 (XP)
... I have a 'theory' that SP2 has a LOT to do with firewall and new browser ... besides those security features. ... The operative word is SPYWARE. ...
(microsoft.public.windowsupdate)