Mailing List Archive

   tlug.jp -> Mailing List -> tlug archive -> tlug Mailing List Archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [tlug] low power home server

eredicatorx@example.com writes:
 > On 05/11/2010 11:23 AM, Stephen J. Turnbull wrote:

 > > I gather you haven't read the "route via telepathy" anecdote in
 > > Bellovin and Cheswick.  Anyway, this is a bad idea, because there's
 > > really only one OS per box, in this case the virtualization host OS.
 > > The guest OSes are just very demanding applications, and because they
 > > are so demanding, I would consider this setup extremely fragile from a
 > > security standpoint.
 > >    
 > Not really from a security stand point, the OS's you use will only be as 
 > secure as you configure them to be.

The point is that instead of one OS to configure on the router, you
now have three to configure, all of which need to access the same wire
that the intruder will be using, plus all the apps that make up the
SAN server, which are more or less trusted by the OS they run on,
which is more or less trusted by the virtualization host.  *Any* of
those can let the bad guys in, at which point you have the possibility
of getting root and perhaps then exploiting a bug in the host OS or
the configuration of the virtualization.

Lots of "maybes" there, of course, but in security you have to
remember that depending on luck favors the intruder.  He only has to
get lucky once.
Home | Main Index | Thread Index

Home Page Mailing List Linux and Japan TLUG Members Links