
List:       firewall-wizards
Subject:    Re: [fw-wiz] VM system for firewall use
From:       Christopher Hicks <chicks () chicks ! net>
Date:       2004-10-12 15:10:25
Message-ID: Pine.LNX.4.60.0410121107040.5021 () skippy ! fini ! net

On Tue, 12 Oct 2004, Paul D. Robertson wrote:
> I'm really unsure as to why a jail isn't enough though--

I was thinking about this and I'm thinking JAILs plus MAC would provide a 
more winning solution than separating things by using VMs.

Scenario: a compartment gets compromised.  If that compartment is in a 
JAIL/MAC environment then what that compromise can accomplish is 
effectively minimized.  In the VM environment the compromise would 
compromise that entire VM and that VM could communicate with any other VM 
in any way it pleased.

The JAIL/MAC version seems a lot less scary and catastrophic to me.

Am I missing something here?

-- 
</chris>

Westheimer's Discovery:
   "A coupla months in the laboratory can save a coupla hours in the library."
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards