Adam Thompson <athompso@athompso.net> wrote:
[snip]
Personally, I trust VM programmers to get patches out quickly, and I trust the paranoiacs to blatt about news of any new compromise, enough to be willing to do the sort of thing you're talking about.
(Having said that, although I'm *willing* to, I will note that I *don't* do so in real life.)
The one aspect to it, though, is that compromise of the hypervisor essentially means instant, complete, utter, irreversible compromise of *all* the VMs (including non-running disk images!) that server has direct access to. That is a little bit worrisome.
I think the salient point here is that you can do these things, if you're willing to do them in an intelligent fashion. So, you monitor the host like you would monitor the guest you care most about, and avoid exposing the host unnecessarily. Also, keep that "everything exposed if any one piece is" idea in mind when deciding what may work well together on one physical host.
On that *other* topic, compliance issues concerned with things like PCI at least help drive home the need for some wide-ranging security efforts to the business folks, because it is tied to how they make their money. Anyone believing that compliance will eliminate the possibility of a breach should be corrected ASAP, but making an effort means that the business is more likely to know they got owned, and understand that they need to do something about it. In the interest of disclosure, I should mention that I am a QSA... probably a pain in the ass for those needing help, but hopefully neither clueless nor evil. Well, the lesser evil anyway. Nobody likes being told they can't do something. <grin>
Cheers, Tim