Re: Purpose of a hypervisor (was Re: rock solid)

To: debian-user@lists.debian.org
Subject: Re: Purpose of a hypervisor (was Re: rock solid)
From: Douglas Allan Tutty <dtutty@porchlight.ca>
Date: Thu, 5 Jul 2007 19:25:15 -0400
Message-id: <[🔎] 20070705232515.GA6198@titan>
Mail-followup-to: debian-user@lists.debian.org
In-reply-to: <[🔎] 20070705154334.GL12665@localhost.localdomain>
References: <b84520740706301217yff3f254je36ac8a6e717bc0c@mail.gmail.com> <[🔎] 20070702173925.GK12665@localhost.localdomain> <[🔎] f6bf5a$2l3$1@sea.gmane.org> <[🔎] 20070702200625.GN12665@localhost.localdomain> <[🔎] 4689B86E.5060106@cox.net> <[🔎] 20070703182502.GX12665@localhost.localdomain> <[🔎] 468ADA46.40303@cox.net> <[🔎] 20070704020035.GB15424@titan> <[🔎] 20070705154334.GL12665@localhost.localdomain>

On Thu, Jul 05, 2007 at 08:43:34AM -0700, Andrew Sackville-West wrote:
> On Tue, Jul 03, 2007 at 10:00:35PM -0400, Douglas Allan Tutty wrote:
> > On Tue, Jul 03, 2007 at 06:22:46PM -0500, Ron Johnson wrote:
> > > On 07/03/07 13:25, Andrew Sackville-West wrote:
> >  >
> > > >Dom0: local file server (video, music, local backups)
> > > >     DomU1: firewall
> > > I understand the need for a small, "separate" firewall.
> > 
> > Does this really give any more security than running the firewall as a
> > regular part of the main box?  Is it as secure as a separate old
> > computer?  These three (plus I suppose a commercial hardware firewall)
> > seem to be the choices.  How do they compare for security?
> 
 
> I don't think there is anything wrong with a debian machine on the net
> with its local firewall as the only thing protecting it. But I think
> if you want anything more sophisticated, some sort of seperate device
> is the way to go. 
> 

So what about a virtual box as a firewall?  That virtual box may have
less on it but it exists in the same physical box as everything else.
Doesn't the virtualization mean that there is one more thing that could
have a vulnerability?

In general, I agree with you and with old boxes being free it makes
sense that once one has more than a couple of boxes to have a spare box
as a firewall.

Doug.

Reply to:

Follow-Ups:
- Re: Purpose of a hypervisor (was Re: rock solid)
  - From: Andrew Sackville-West <andrew@farwestbilliards.com>

References:
- Re: rock solid
  - From: Andrew Sackville-West <andrew@farwestbilliards.com>
- Re: rock solid
  - From: Kamaraju S Kusumanchi <kamaraju@bluebottle.com>
- Re: rock solid
  - From: Andrew Sackville-West <andrew@farwestbilliards.com>
- Purpose of a hypervisor (was Re: rock solid)
  - From: Ron Johnson <ron.l.johnson@cox.net>
- Re: Purpose of a hypervisor (was Re: rock solid)
  - From: Andrew Sackville-West <andrew@farwestbilliards.com>
- Re: Purpose of a hypervisor (was Re: rock solid)
  - From: Ron Johnson <ron.l.johnson@cox.net>
- Re: Purpose of a hypervisor (was Re: rock solid)
  - From: Douglas Allan Tutty <dtutty@porchlight.ca>
- Re: Purpose of a hypervisor (was Re: rock solid)
  - From: Andrew Sackville-West <andrew@farwestbilliards.com>

Prev by Date: Re: OT: knoppix memtest powers off after 35 mins
Next by Date: Re: ndiswrapper problem (solved)
Previous by thread: Re: Purpose of a hypervisor (was Re: rock solid)
Next by thread: Re: Purpose of a hypervisor (was Re: rock solid)
Index(es):
- Date
- Thread