Security Basics mailing list archives
RE: VMWare and Security
From: "P.B. Wagenaar" <PB.Wagenaar () chello nl>
Date: Mon, 25 Apr 2005 12:12:04 +0200
As far as I know, ESX uses it's own OS and does not run on top of Windows i.e. (GSX is the version that runs on a host layer). So the ESX version uses its own virtualization layer. This could be considerd to be an Operating System right? And there are no security issues with this? What if someone starts writing an exploit for the ESX virtualization layer? Like a malformed TCP packet? The virtual machine (ie. Windows server 2003) might have no problems with the malformed packet, but it passes through the virtualization layer first. I am not saying that there is something wrong with this approach or that is less secure or whatever. I am just asking if all operating systems have had security related bugs, what are the chances the ESX has to go through this cycle also? And how would a security issue in the virtualization layer affect the virtual machines running on it? Once again, vmware is a great product in my eyes, and I can not see anything that is wrong with it being not begin secure or something. But if you can consider ESX to be an OS (like linux and windows), and most OS have had security issues at one time or another, how should an organization treat a new OS like ESX? Philip Wagenaar ________________________________ Van: LT Service [mailto:service () layerthree org] Verzonden: maandag 18 april 2005 22:05 Aan: P.B. Wagenaar; security-basics () securityfocus com Onderwerp: RE: VMWare and Security VMware ESX is secure. I cannot think of anything security related to worry about. Out of the box, the connection to the service console is SSHv2 and the web interface is https. The most vulnerable part is host OS. ________________________________ From: P.B. Wagenaar [mailto:PB.Wagenaar () chello nl] Sent: Mon 4/18/2005 10:28 AM To: security-basics () securityfocus com Subject: VMWare and Security Hello list, We are looking into a VMWare ESX solution. I have a pretty open question and that if there any security related concerns that are specific for a VMWare solution? With kind regards, Philip Wagenaar -- I am using the free version of SPAMfighter for private users. It has removed 1189 spam emails to date. Paying users do not have this message in their emails. Try www.SPAMfighter.com for free now! -- I am using the free version of SPAMfighter for private users. It has removed 1336 spam emails to date. Paying users do not have this message in their emails. Try www.SPAMfighter.com for free now!
Current thread:
- VMWare and Security P.B. Wagenaar (Apr 18)
- <Possible follow-ups>
- RE: VMWare and Security P.B. Wagenaar (Apr 25)
- Re: VMWare and Security Rik Bobbaers (Apr 26)
- Re: VMWare and Security thomas seclists (Apr 26)
- Re: VMWare and Security Gene Yoo (Apr 26)
- RE: VMWare and Security Michael Rice (Apr 27)
- Re: VMWare and Security Rik Bobbaers (Apr 26)