WelcomeWelcome | FAQFAQ | DownloadsDownloads | WikiWiki

Author Topic: Virtualization or chroot more secure?  (Read 14122 times)

Offline Ulysses_

  • Full Member
  • ***
  • Posts: 232
Re: Virtualization or chroot more secure?
« Reply #15 on: April 14, 2011, 12:11:10 PM »
With the open-vm-tools-x extension I recently submitted, you can use Unity to give a more integrated look and use shared folders to store bookmarks and other permanent data.

Thanks.  Was it difficult?

Quote
Regarding step 5, why select Bridged then modify host firewall (if exists) instead of using NAT?

Because chances are a newbie is using a windows host. Which has a terrible reputation for security so it better be completely blocked off the internet and the VM, otherwise an infected VM might infect the host too. Through one of the many services that run in windows or exploits that exist for windows.  But then NAT is blocked too.  Whereas Bridged networking is not blocked, this somehow bypasses the firewall.
« Last Edit: April 14, 2011, 12:16:37 PM by Ulysses_ »

Offline danielibarnes

  • Hero Member
  • *****
  • Posts: 548
Re: Virtualization or chroot more secure?
« Reply #16 on: April 14, 2011, 02:13:21 PM »
Quote
Thanks.  Was it difficult?

It was difficult to get right and make it work with a minimum of user intervention. The more recent release of open-vm-tools is easier to compile, but it omits the vmmemctl module, so I had to compile that separately.

Quote
Because chances are a newbie is using a windows host.

Good point. Using VMware Player as you describe so completely protects the host that a chroot would not provide any additional security that I can imagine.
« Last Edit: April 14, 2011, 02:17:28 PM by danielibarnes »

Offline Ulysses_

  • Full Member
  • ***
  • Posts: 232
Re: Virtualization or chroot more secure?
« Reply #17 on: April 14, 2011, 03:06:48 PM »
Maybe ESX can be infected too, if it exposes itself to the internet and the VMs, and one of the VMs gets infected?

Offline danielibarnes

  • Hero Member
  • *****
  • Posts: 548
Re: Virtualization or chroot more secure?
« Reply #18 on: April 14, 2011, 04:30:18 PM »
Maybe ESX can be infected too, if it exposes itself to the internet and the VMs, and one of the VMs gets infected?

It is a best practice to separate your administrative network from your VM network for that reason.

Offline Ulysses_

  • Full Member
  • ***
  • Posts: 232
Re: Virtualization or chroot more secure?
« Reply #19 on: April 14, 2011, 04:48:07 PM »
Does that imply having two network cards on the host, one for VMs, one administrative to connect to other computers in your lan?

Offline danielibarnes

  • Hero Member
  • *****
  • Posts: 548
Re: Virtualization or chroot more secure?
« Reply #20 on: April 14, 2011, 04:57:53 PM »
Does that imply having two network cards on the host, one for VMs, one administrative to connect to other computers in your lan?

Yes, most rack-mount systems include two NICs for that purpose. The administrative and virtual machine networks can be placed on a different VLANs or firewalled externally.