12-10-2006, 04:21 PM
|
#1
|
Member
Registered: May 2006
Location: Kansas City, MO
Distribution: Various: pclos, Debian, Ubuntu, etc . . .
Posts: 649
|
Virtualization and Routers for Online Security
Hi everyone,
I am about to jump into "virtualization" via VMware Server 1.0.1. I have read that each "virtualized" OS acts independently so if one goes it should not impact the others. My understanding is that a virtual guest OS, such as a virtual guest Win2k or virtual guest Linux, would still be vulnerable to the virus, etc that would impact a "real" Win2k or "real" linux.
This made a light bulb go on in my head, as well as a question mark. I believe every OS, real or virtual, should have firewall protection. I intend to have my host OS (Linux MEPIS) use VMware Server 1.0.1 to create 2 virtual guest OS (a. Win2k and b. 1 other Linux distro).
Thus, I would effectively have 3 OS in operation: My host (Linux MEPIS) and 2 virtual guest OS. Instead of messing with a firewall for each of the 3 OS, is it possible to simply buy a router to act as a firewall for all 3 OS, simultaneously?
If yes, then would the fact that one OS is "real" and two are "virtual" complicate router configuration or router effectiveness?
If no, then what are my options?
FYI: No wifi is involved, this is all "old fashion" wired broadband.
Thanks!
|
|
|
12-11-2006, 07:03 AM
|
#2
|
Moderator
Registered: May 2001
Posts: 29,415
|
Quote:
I believe every OS, real or virtual, should have firewall protection. (..)
Instead of messing with a firewall for each of the 3 OS
Here you're contradicting yourself. Anyway. Think "defense in depth".
Avoid single points of failure, allow multiple points of access control.
One firewall (device) good, more firewalls better.
|
|
|
12-11-2006, 11:57 AM
|
#3
|
Senior Member
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660
|
Firewalls are not only to protect "internal" hosts from "external" attacks, but also to protect each internal host from the other. You still need firewalls on the virtual OSs to make sure the other hosts on the same network don't attack them. This drastically reduces the chances that one idiot user will cause your entire network to be infected.
|
|
|
12-11-2006, 06:04 PM
|
#4
|
Member
Registered: May 2006
Location: Kansas City, MO
Distribution: Various: pclos, Debian, Ubuntu, etc . . .
Posts: 649
Original Poster
|
So I should have a separate firewall for each OS? For example, one for my host OS (Linux MEPIS) and one for a virtual guest Win2k or XP and one for a virtual guest linux some-random-distro?
I was always under the impression that running more than one firewall was a bad idea, like running more than one anti-virus was a bad idea. For example, if you buy and install a 3rd party firewall for XP, it is usually a good idea to turn off the firewall that comes with XP.
Does my impression not apply here, or is there more to it?
Thanks again.
|
|
|
12-11-2006, 07:52 PM
|
#5
|
Senior Member
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660
|
Quote:
Originally Posted by MBA Whore
So I should have a separate firewall for each OS? For example, one for my host OS (Linux MEPIS) and one for a virtual guest Win2k or XP and one for a virtual guest linux some-random-distro?
|
Yes, absolutely.
Quote:
I was always under the impression that running more than one firewall was a bad idea, like running more than one anti-virus was a bad idea. For example, if you buy and install a 3rd party firewall for XP, it is usually a good idea to turn off the firewall that comes with XP.
Does my impression not apply here, or is there more to it?
|
That's because running two programs that interact deeply with the kernel to do the same thing, at the same time, can have unpredictable results. That is inside a single OS, though. You're running 3 different OSs. Each one needs a firewall and they won't conflict with each other.
|
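An added illustration of the point made in posts #3 and #5 (not code from any poster in this thread): a small Python model of which new connections a perimeter router can filter and which only a per-OS firewall ever sees. The addresses, host names and rule sets are constructed, and bridged VMware networking is assumed, so both guests are LAN peers of the physical host.

```python
import ipaddress

LAN = ipaddress.ip_network("192.168.1.0/24")  # constructed home subnet

# Constructed addresses. Assumption: bridged VMware networking, so the
# two guests sit on the LAN next to the physical host.
HOSTS = {
    "mepis-host": "192.168.1.10",
    "win2k-guest": "192.168.1.11",
    "linux-guest": "192.168.1.12",
    "internet": "203.0.113.5",
}

def on_lan(name):
    return ipaddress.ip_address(HOSTS[name]) in LAN

def crosses_router(src, dst):
    """A packet is routed only when exactly one endpoint is off the LAN."""
    return on_lan(src) != on_lan(dst)

def router_allows(src):
    """Typical NAT router policy: outbound allowed, unsolicited inbound dropped."""
    return on_lan(src)

def host_fw_allows(dst, port, host_rules):
    """Per-OS firewall: default-deny inbound except listed ports.
    A host with no entry in host_rules runs no firewall at all."""
    return dst not in host_rules or port in host_rules[dst]

def delivered(src, dst, port, host_rules):
    """True when a new connection from src reaches dst:port."""
    if crosses_router(src, dst) and not router_allows(src):
        return False
    return host_fw_allows(dst, port, host_rules)

def lateral_exposure(port, host_rules):
    """LAN-to-LAN pairs where an unsolicited connection to `port` lands."""
    lan = [h for h in HOSTS if on_lan(h)]
    return [(s, d) for s in lan for d in lan
            if s != d and delivered(s, d, port, host_rules)]

ROUTER_ONLY = {}  # no per-OS firewalls anywhere
LAYERED = {"mepis-host": {22}, "win2k-guest": set(), "linux-guest": {22}}

if __name__ == "__main__":
    print("router only, port 445:", lateral_exposure(445, ROUTER_ONLY))
    print("layered,     port 445:", lateral_exposure(445, LAYERED))
```

With the router alone, the inbound connection from the internet is dropped but every host-to-guest and guest-to-guest pair stays reachable, because that traffic never crosses the router.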
|
|
12-13-2006, 02:01 PM
|
#6
|
Member
Registered: May 2006
Location: Kansas City, MO
Distribution: Various: pclos, Debian, Ubuntu, etc . . .
Posts: 649
Original Poster
|
Quote:
Originally Posted by chort
Yes, absolutely.
That's because running two programs that interact deeply with the kernel to do the same thing, at the same time, can have unpredictable results. That is inside a single OS, though. You're running 3 different OSs. Each one needs a firewall and they won't conflict with each other.
|
Thanks for the clarification.
|
|
|