Re: Purpose of a hypervisor (was Re: rock solid)
- To: firstname.lastname@example.org
- From: Douglas Allan Tutty <email@example.com>
- Date: Thu, 5 Jul 2007 19:25:15 -0400
- Message-id: <20070705232515.GA6198@titan>
- Mail-followup-to: firstname.lastname@example.org
- In-reply-to: <20070705154334.GL12665@localhost.localdomain>
On Thu, Jul 05, 2007 at 08:43:34AM -0700, Andrew Sackville-West wrote:
> On Tue, Jul 03, 2007 at 10:00:35PM -0400, Douglas Allan Tutty wrote:
> > On Tue, Jul 03, 2007 at 06:22:46PM -0500, Ron Johnson wrote:
> > > On 07/03/07 13:25, Andrew Sackville-West wrote:
> > >
> > > >Dom0: local file server (video, music, local backups)
> > > > DomU1: firewall
> > > I understand the need for a small, "separate" firewall.
> > Does this really give any more security than running the firewall as a
> > regular part of the main box? Is it as secure as a separate old
> > computer? These three (plus I suppose a commercial hardware firewall)
> > seem to be the choices. How do they compare for security?
> I don't think there is anything wrong with a Debian machine on the net
> with its local firewall as the only thing protecting it. But I think
> if you want anything more sophisticated, some sort of separate device
> is the way to go.

So what about a virtual box as a firewall? That virtual box may have
less on it but it exists in the same physical box as everything else.
Doesn't the virtualization mean that there is one more thing that could
have a vulnerability?

In general, I agree with you, and with old boxes being free it makes
sense, once one has more than a couple of boxes, to have a spare box
as a firewall.