Re: [fw-wiz] Virtualization and firewalling?



The only firewall virtualization I have seen is VSX, Crossbeam, and
Shasta, but I don't know of any host-based solution per-se. Is there some
issue I'm missing (since I have not tried this myself) installing some
centrally managed host-based FW/IPS on VM's?

On Sun, 18 Mar 2007, Paul D. Robertson wrote:

On Sun, 18 Mar 2007, Robby Cauwerts wrote:

Now we're starting to see a big push for hardware virtualization, is
anyone seeing a move to per-virtual-system firewalling on the hosting OS?


This is already available for years on the firewall market.
Check Point VSX (If money is no problem), Cisco ASA with their security
contexts, ....

Aren't these just a way of packaging rules on an appliance rather than
providing access control on a hosting OS? While there's likely to be some
immediate benefit from appliances if you do moving of guests around the
same physical subnet, that's not going to scale to moving to alternate
locations very well, where you're going to need the hosting OS anyway.

Also, as we get to things like the newer Linux KVM, won't we start to see
the ability to compratment based on the hosting system being part of the
TCB?

Paul
-----------------------------------------------------------------------------
Paul D. Robertson "My statements in this message are personal opinions
paul@xxxxxxxxxxxx which may have no basis whatsoever in fact."
http://www.fluiditgroup.com/blog/pdr/

_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards



--
Carric Dooley
COM2:Interactive Media USA
http://www.com2usa.com


--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards