Firewall Wizards mailing list archives

Previous By Date Next
Previous By Thread Next

Re: VM system for firewall use

From: Christopher Hicks <chicks () chicks net>
Date: Tue, 12 Oct 2004 11:10:25 -0400 (EDT)
On Tue, 12 Oct 2004, Paul D. Robertson wrote:

I'm really unsure as to why a jail isn't enough though--
I was thinking about this and I'm thinking JAILs plus MAC would provide a more winning solution than seperating things by using VMs.
Scenario: a compartment gets compromised. If that compartment is in a JAIL/MAC environment then what that compromise can accomplish is effectively minimized. In the VM environment the compromise would compromise that entire VM and that VM could communicate with any other VM in any way it pleased. 

The JAIL/MAC version seems a lot less scary and catastrophic to me.

Am I missing something here?

--
</chris>

Westheimer's Discovery:
  "A coupla months in the laboratory can save a coupla hours in the library."
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Previous By Date Next
Previous By Thread Next

Current thread: