[Nolug] Fwd: Re[6]: [Hou-freebsd] Semi-relevant VMWare question

From: Dustin Puryear <dustin_at_puryear-it.com>
Date: Wed, 11 Apr 2007 02:33:59 -0500
Message-ID: <695673742.20070411023359@puryear-it.com>

I thought this was an interesting thread..

This is a forwarded message
From: Dustin Puryear <dustin@puryear-it.com>
To: "Chris Lalos" <chris.lalos@gmail.com>
Date: Tuesday, April 10, 2007, 11:07:00 AM
Subject: [Hou-freebsd] Semi-relevant VMWare question

===8<==============Original message text===============
  
  
That's a good idea. Now, whether FreeBSD drivers are any "safer" is a
good question, but at least we know there are fewer people attacking
it.
 

 
I like the whole idea of Parallels and the seamless window experience
(ala Citrix). That's going to make running a non-Windows system while
maintaining your Windows applications real easy. (I touched on this
at http://www.techevangelism.com/2007/04/09/a-linux-consultants-not-so-linux-desktop/.)
 

 

---
 
Puryear Information Technology, LLC
 
Baton Rouge, LA * 225-706-8414
 
http://www.puryear-it.com
 
 
Author:
 
  "Best Practices for Managing Linux and UNIX Servers"
 
  "Spam Fighting and Email Security in the 21st Century"
 
 
Download your free copies:
 
  http://www.puryear-it.com/publications.htm
 
 
 
Tuesday, April 10, 2007, 8:48:49 PM, you wrote:
 
 
   
> I wonder if this is an argument for going in the other direction: having a FreeBSD Host CPU where you run Windows as a guest OS. So you can use Windows for all your desktop faves but all the 'real stuff' would be FreeBSD, and thus less likely to be effectively attacked (presumably).
>
> - C
 
 
 
On 4/10/07, Dustin Puryear <dustin@puryear-it.com> wrote:
 
No, a jail would not help.

As far as how to protect against this (assuming the device driver
itself is vulnerable), it depends on where the device driver runs and
whether the kernel is sufficiently paranoid. I just googled and found
an interesting mention of this issue:

http://www.schneier.com/blog/archives/2006/07/wifi_driver_att.html

I'm no expert in this area, so I'd love to hear more from others that
may know more.
 
 
 
Tuesday, April 10, 2007, 6:47:38 PM, you wrote:
 
 
> Dustin,
> Would a jail be any help at all in that situation?
> =====
> Craig Wiseman
>
> At 05:25 AM 4/10/07 -0500, Dustin Puryear wrote:
>>I would agree that running BSD under VMWare is going to give you some
>>added protection against spyware and such while surfing. However, as
>>far as normal "network-layer" attacks, VMWare doesn't always help.
>>I've read of some attacks that specifically target your wireless
>>card's device driver, so the attack could potentially compromise your
>>actual computer before traffic is even pushed up the network stack.
>>
>>Scary, eh?
>>
 
 
>>Saturday, April 7, 2007, 3:53:20 PM, you wrote:
>>
>>> On 4/7/07, Chris Lalos <chris.lalos@gmail.com> wrote:
>>>> I'm sitting in a cafe right now (Brasil on Dunlavy and Westheimer).
>>>> Non-threatening yuppie hipsters, non-threatening jazz, the whole
>>>> experience.
>>>>
>>>> Someone at the next table asked me if they have Wifi here. I do not
>>>> know. My laptop reports an unsecured wireless network named 'dlink'.
>>>> This would appear to be run by either 1) someone profoundly
>>>> unknowledgeable, or 2) a crook.
>>>>
>>>> Which brings me to my question . . .
>>>>
>>>> It occurs to me, that I ought to be able to run FreeBSD in a VMWare
>>>> session, fire up KDE or Gnome or whatever, and do my surfing from there.
>>>> I could connect to whatever naive looking hotspot I choose. The idea is,
>>>> if this hotspot was run by a bad guy bent on attacking people who hop on
>>>> the network, then he'd really only be attacking my VMWare session, not my
>>>> 'real' laptop beneath.
>>>>
>>>> My question is, what kind of protection does this really provide. Would he
>>>> really have no access to the underlying filesystems, etc? Or would it not
>>>> really be any protection at all.
>>
>>> Hello Chris,
>>
>>> The VMWare session certainly provides an extra layer of protection.
>>> Although that layer is logical and the protection is not absolute. In
>>> other words, data always flows from the host to the guest machine.
>>> Should an attacker find a flaw in the host's stack, the system in its
>>> entirety (including the guest machines) is toast.
>>
>>> More often, the rogue access point is there to collect your network
>>> traffic. It's theoretically so much easier.
>>
>>> Youssef
 
>>> _______________________________________________ 
 
>>> Hou-freebsd mailing list
 
>>> Hou-freebsd@houfug.org
 
>>> http://www.houfug.org/mailman/listinfo/hou-freebsd
 
    
  
  
===8<===========End of original message text===========

___________________
Nolug mailing list
nolug@nolug.org

Received on 04/11/07
