FirewallWizards

Re: [fw-wiz] Virtualization and firewalling?

To: Firewall Wizards Security Mailing List <firewall-wizards@listserv.icsalabs.com>
Subject: Re: [fw-wiz] Virtualization and firewalling?
From: "Paul D. Robertson" <paul@compuwar.net>
Date: Sun, 18 Mar 2007 14:29:38 -0500 (EST)
On Sun, 18 Mar 2007, Robby Cauwerts wrote:

> > Now we're starting to see a big push for hardware virtualization, is
> > anyone seeing a move to per-virtual-system firewalling on the hosting OS?
> 
> 
> This is already available for years on the firewall market.
> Check Point VSX (If money is no problem), Cisco ASA with their security
> contexts, ....

Aren't these just a way of packaging rules on an appliance rather than 
providing access control on a hosting OS?  While there's likely to be some 
immediate benefit from appliances if you do moving of guests around the 
same physical subnet, that's not going to scale to moving to alternate 
locations very well, where you're going to need the hosting OS anyway.

Also, as we get to things like the newer Linux KVM, won't we start to see 
the ability to compartment based on the hosting system being part of the 
TCB?

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
paul@compuwar.net       which may have no basis whatsoever in fact."
             http://www.fluiditgroup.com/blog/pdr/
