For those that have missed it:
A very good indicator as to why using virtualisation to provide security isn't a good approach ;)
rsw686 last edited by
The vulnerability is on the shared folder feature. It seems to me that if security was a great concern you wouldn't be using that feature to begin with. You would be used NFS, SMB, etc from the virtual machine to the file server. But yeah I see your point.
YoMarK last edited by
I see you point, but using Vmware Workstation isn't really a good secure base to begin with.
Every connection(like shared folders, only works with windows) between Host en Guest system is a risk. Even the Vmware tools could be a risk.
I'm using Vmware ESX and pfSense as firewall(pfSense connected to the internet), and I don't see why it's not as secure as a physical box. Note: I'm not using virtualisation to provide security(a wrong approach), pfSense does that part.
Guest last edited by
The larger point that everyone seems to miss is that this is just the tip of the iceberg. Theo Deraadt (read: smarter security guy than all of us combined) has already come out to say that running important systems (like firewalls) virtually is a very bad idea from a security standpoint. People are fallible, the guys writing virtualization software aren't security experts, and there will absolutely be vulnerabilities found in ESX. Running pfSense in production virtually is a very bad idea.
And it's not just VMWare (though obviously I picked upon it when I started this thread). The problem with any virtualisation solution is that it introduces another layer of complexity, more code that can contain exploitable vulnerabilities.
It should always be expected that it is possible to break out of any virtual system to the underlying host. As such using virtualisation for any security enforcement platform comes with risks.
YoMarK last edited by
It's not like there is an extra ISO layer or something like that added by using virtualisation.
When using for example pfSense as a firewall on a ESX box, the only things provided to the "unclean" side is the MAC-address and IP from the virtual WAN interface from pfSense. The "clean" side is connected to LAN, just like normal firewall setup.
It should always be expected that it is possible to break out of any virtual system to the underlying host.
True, but you have to break pfSense's security(in this case) first, right?
No, that's the point. All you have to do is break the security of the virtualisation layer, which may be easier with local/interactive access to the pfSense host, but it won't be required.
For instance, take a look at the vulnerability found in the MacOS wireless layer (last year ISTR). That kind of approach would allow somebody to target a (theoretical) vulnerability in the VMWare networking layer, completely bypassing the pfSense (or other OS) install to gain access to the underlying host.
This has been discussed in depth on various forums and mailing lists - if you're really interested go look at the paper written by Theo (as mentioned by submicron).