Skip to Content.
Sympa Menu

cacert-sysadm - Using VMs for hi-sec tasks

cacert-sysadm AT lists.cacert.org

Subject: CAcert System Admins discussion list

List archive

Using VMs for hi-sec tasks


Chronological Thread 
  • From: Ian G <iang AT cacert.org>
  • To: cacert-board AT lists.cacert.org
  • Cc: CAcert System Administrators <cacert-sysadm AT lists.cacert.org>
  • Subject: Using VMs for hi-sec tasks
  • Date: Sun, 28 Mar 2010 10:25:02 +1100
  • Authentication-results: lists.cacert.org; dkim=pass (1024-bit key) header.i= AT cacert.org; dkim-asp=none

On 28/03/2010 02:32, Ernie wrote:
-----Original Message-----
From: Ian G 
[mailto:iang AT cacert.org],
 Sent: Saturday, March 27, 2010 8:38
AM

To my mind, high security tasks should never be done on VMs.

It is.


The problem is that the VM barrier is a little porous, there is code you can download to trick through the barrier under circumstances. Where it is at I don't know, but it's one of those "difficult to say no" areas.


And since methods are possible, that you can monitor independent what each
user has done on the system, seen on his display, at which time and date,
also the legal-aspect is covered (it's not a logfile only)


OK, that could be useful. I haven't heard of that, which systems facilitate that?

(However, this presumably covers the console access, not the logical / SSH access.)

CC'd to cacert-sysadm for their comments.

iang

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature




Archive powered by MHonArc 2.6.16.

Top of Page