Virtualization or chroot more secure?

Ulysses_:

--- Quote from: danielibarnes on April 14, 2011, 11:11:49 AM ---With the open-vm-tools-x extension I recently submitted, you can use Unity to give a more integrated look and use shared folders to store bookmarks and other permanent data.
--- End quote ---

Thanks.  Was it difficult?


--- Quote ---Regarding step 5, why select Bridged then modify host firewall (if exists) instead of using NAT?

--- End quote ---

Because chances are a newbie is using a Windows host, which has a terrible reputation for security, so it had better be completely blocked off from the internet and the VM; otherwise an infected VM might infect the host too, through one of the many services that run in Windows or exploits that exist for Windows. But then NAT is blocked too, whereas Bridged networking is not blocked; this somehow bypasses the firewall.

danielibarnes:

--- Quote ---Thanks.  Was it difficult?
--- End quote ---

It was difficult to get right and make it work with a minimum of user intervention. The more recent release of open-vm-tools is easier to compile, but it omits the vmmemctl module, so I had to compile that separately.


--- Quote ---Because chances are a newbie is using a Windows host.
--- End quote ---

Good point. Using VMware Player as you describe so completely protects the host that a chroot would not provide any additional security that I can imagine.

Ulysses_:
Maybe ESX can be infected too, if it exposes itself to the internet and the VMs, and one of the VMs gets infected?

danielibarnes:

--- Quote from: Ulysses_ on April 14, 2011, 03:06:48 PM ---Maybe ESX can be infected too, if it exposes itself to the internet and the VMs, and one of the VMs gets infected?

--- End quote ---

It is a best practice to separate your administrative network from your VM network for that reason.

Ulysses_:
Does that imply having two network cards on the host, one for VMs, one administrative to connect to other computers in your LAN?
