Re: VMWare and Security

[Rik Bobbaers <Rik.Bobbaers () cc kuleuven ac be>]

On Monday 25 April 2005 12:12, P.B. Wagenaar wrote:
> As far as I know, ESX uses it's own OS and does not run on top of Windows
> i.e. (GSX is the version that runs on a host layer).
>
> So the ESX version uses its own virtualization layer. This could be
> considerd to be an Operating System right? And there are no security issues
> with this? What if someone starts writing an exploit for the ESX
> virtualization layer? Like a malformed TCP packet? The virtual machine (ie.
> Windows server 2003) might have no problems with the malformed packet, but
> it passes through the virtualization layer first. I am not saying that
> there is something wrong with this approach or that is less secure or
> whatever. I am just asking if all operating systems have had security
> related bugs, what are the chances the ESX has to go through this cycle
> also? And how would a security issue in the virtualization layer affect the
> virtual machines running on it?
>
> Once again, vmware is a great product in my eyes, and I can not see
> anything that is wrong with it being not begin secure or something. But if
> you can consider ESX to be an OS (like linux and windows), and most OS have
> had security issues at one time or another, how should an organization
> treat a new OS like ESX?

let's put it different...

ESX is a RedHat linux which is tuned by the vmware people...

but what do the vmware people do to improve security on ESX?

i think esx 2.5 sitll runs kernel 2.6.5 (iirc).

i'd like to add another question... what's the advantage of ESX to GSX? 
(maintenance of a linux machine is peanuts, so that doesn't count ;))

-- 
harry
aka Rik Bobbaers

K.U.Leuven - LUDIT             -=- Tel: +32 485 52 71 50
Rik.Bobbaers () cc kuleuven ac be -=- http://harry.ulyssis.org

ASCII stupid question, get a stupid ANSI!