cacert-sysadm AT lists.cacert.org
Subject: CAcert System Admins discussion list
List archive
- From: Ian G <iang AT cacert.org>
- To: cacert-board AT lists.cacert.org
- Cc: CAcert System Administrators <cacert-sysadm AT lists.cacert.org>
- Subject: Using VMs for hi-sec tasks
- Date: Sun, 28 Mar 2010 10:25:02 +1100
- Authentication-results: lists.cacert.org; dkim=pass (1024-bit key) header.i= AT cacert.org; dkim-asp=none
On 28/03/2010 02:32, Ernie wrote:
-----Original Message-----AM
From: Ian G
[mailto:iang AT cacert.org],
Sent: Saturday, March 27, 2010 8:38
To my mind, high security tasks should never be done on VMs.
It is.
The problem is that the VM barrier is a little porous, there is code you can download to trick through the barrier under circumstances. Where it is at I don't know, but it's one of those "difficult to say no" areas.
And since methods are possible, that you can monitor independent what each
user has done on the system, seen on his display, at which time and date,
also the legal-aspect is covered (it's not a logfile only)
OK, that could be useful. I haven't heard of that, which systems facilitate that?
(However, this presumably covers the console access, not the logical / SSH access.)
CC'd to cacert-sysadm for their comments.
iang
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
- Using VMs for hi-sec tasks, Ian G, 03/27/2010
Archive powered by MHonArc 2.6.16.