On Friday 22 Aug 2008 13:08, Raj Mathur wrote:
On Friday 22 Aug 2008, jtd wrote:
[snip] Virtulization does not solve the security issue. Virtualization merely provides the ability to better utilise hardware and manpower.
Virtualisation does solve /a/ security issue, namely that of containing cracks into a limited environment. For instance, I'd rather someone crack a virtual machine running HTTP through a hypothetical Apache exploit (on a server with multiple virtual machines running different applications) than the whole server using the same exploit.
True, as you point out, for a very limited definition of true. In many (most?) cases exploiting a doze hole is all that is required to zombie all the other doze boxes connecting to the service. Comprising the entire host is not necessary, perhaps not even desirable.
It's not a panacea, but it does help you improve security. On the flip side are the costs of virtualisation, whether hardware, IP addresses or management.
Agreed. The OP might have realised the danger in trying to paper over deeply embedded architectural security issues.