On Friday 22 Aug 2008 13:08, Raj Mathur wrote:
> On Friday 22 Aug 2008, jtd wrote:
> [snip]
> > Virtualization does not solve the security issue. Virtualization
> > merely provides the ability to better utilise hardware and
> > manpower.
>
> Virtualisation does solve /a/ security issue, namely that of
> containing cracks into a limited environment. For instance, I'd
> rather someone crack a virtual machine running HTTP through a
> hypothetical Apache exploit (on a server with multiple virtual
> machines running different applications) than the whole server
> using the same exploit.

True, as you point out, for a very limited definition of true. In many
(most?) cases exploiting a doze hole is all that is required to
zombie all the other doze boxes connecting to the service. Compromising
the entire host is not necessary, perhaps not even desirable.

> It's not a panacea, but it does help you improve security. On the
> flip side are the costs of virtualisation, whether hardware, IP
> addresses or management.

Agreed. The OP might have realised the danger in trying to paper over
deeply embedded architectural security issues.

--
Rgds
JTD