Re: Virtualization and firewalling?

["Martin Hoz" <martinhoz () gmail com>]

On 3/18/07, Paul D. Robertson <paul () compuwar net> wrote:
> On Sun, 18 Mar 2007, Robby Cauwerts wrote:
>
> > > Now we're starting to see a big push for hardware virtualization, is
> > > anyone seeing a move to per-virtual-system firewalling on the hosting OS?
> >
> >
> > This is already available for years on the firewall market.
> > Check Point VSX (If money is no problem), Cisco ASA with their security
> > contexts, ....
>
> Aren't these just a way of packaging rules on an appliance rather than
> providing access control on a hosting OS?  While there's likely to be some

On the case of Check Point, they don't virtualize the hosting OS: only
the FW/VPN instances/processes and once you gain access to the OS, you
might have access to any instance you like

With Juniper you may have access to particular instances, and restrict
access to the ScreenOS just to the instance you want.

Same thing with Fortinet, where access is given just to the instances
where access was granted by the master administrator, making it look
like if the Host OS was restricted on a per-instance basis as well. In
this case, virtualization is for all the Security services offered by
the box, including things such as Antivirus and SSL VPN. Very cool!

- Martín.

-- 
**** ¿Hoy qué haz hecho para ahorrar agua? - What have you done today
to save water? - O que você têm feito hoje para conservar a água?
** Mi página web: http://gama.fime.uanl.mx/~mhoz/
** Mi blog: http://cuevademhoz.blogspot.com/index.html
* "Somos consecuencia del pasado, y causa de nuestro futuro."
** "E no final das contas, como diz um sábio persa, o amor é uma
doença da qual ninguém quer livrar-se" - Paulo Coelho.
** My Linux - http://www.slackware.com == My BSD - http://www.openbsd.org
_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards