Re: VMWare and Security
From: Rik Bobbaers (Rik.Bobbaers_at_cc.kuleuven.ac.be)
Date: 04/26/05
- Previous message: Mike Miller: "Re: VNC Security"
- In reply to: P.B. Wagenaar: "RE: VMWare and Security"
- Next in thread: thomas seclists: "Re: VMWare and Security"
- Reply: thomas seclists: "Re: VMWare and Security"
- Reply: Gene Yoo: "Re: VMWare and Security"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: security-basics@securityfocus.com Date: Tue, 26 Apr 2005 15:08:37 +0200
On Monday 25 April 2005 12:12, P.B. Wagenaar wrote:
> As far as I know, ESX uses it's own OS and does not run on top of Windows
> i.e. (GSX is the version that runs on a host layer).
>
> So the ESX version uses its own virtualization layer. This could be
> considerd to be an Operating System right? And there are no security issues
> with this? What if someone starts writing an exploit for the ESX
> virtualization layer? Like a malformed TCP packet? The virtual machine (ie.
> Windows server 2003) might have no problems with the malformed packet, but
> it passes through the virtualization layer first. I am not saying that
> there is something wrong with this approach or that is less secure or
> whatever. I am just asking if all operating systems have had security
> related bugs, what are the chances the ESX has to go through this cycle
> also? And how would a security issue in the virtualization layer affect the
> virtual machines running on it?
>
> Once again, vmware is a great product in my eyes, and I can not see
> anything that is wrong with it being not begin secure or something. But if
> you can consider ESX to be an OS (like linux and windows), and most OS have
> had security issues at one time or another, how should an organization
> treat a new OS like ESX?
let's put it different...
ESX is a RedHat linux which is tuned by the vmware people...
but what do the vmware people do to improve security on ESX?
i think esx 2.5 sitll runs kernel 2.6.5 (iirc).
i'd like to add another question... what's the advantage of ESX to GSX?
(maintenance of a linux machine is peanuts, so that doesn't count ;))
-- harry aka Rik Bobbaers K.U.Leuven - LUDIT -=- Tel: +32 485 52 71 50 Rik.Bobbaers@cc.kuleuven.ac.be -=- http://harry.ulyssis.org ASCII stupid question, get a stupid ANSI!
- Previous message: Mike Miller: "Re: VNC Security"
- In reply to: P.B. Wagenaar: "RE: VMWare and Security"
- Next in thread: thomas seclists: "Re: VMWare and Security"
- Reply: thomas seclists: "Re: VMWare and Security"
- Reply: Gene Yoo: "Re: VMWare and Security"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
