You are not logged in.
- Topics: Active | Unanswered
#1 2010-02-05 21:00:55
- pseudonomous
- Member
- Registered: 2008-04-23
- Posts: 349
How does Virtualization affect Server Security?
Hello Everybody,
I was wondering if anybody would be gracious enough to give me some advice or just point me to some sources of further information relating to my situation:
I've acquired an old server that I'd like to setup up for personal use, partially as a learning experiance but also, eventually, to actually provide some small scale services for 4 computer LAN, and run a few internet accessible services (definately ssh, possibly a small scale web server and mail server, maybe a git repository) Since I'm going to open some services up to the interne/think I'd like to secure the server as much as I can, within reason. A lot of what I've read on the subject suggests seperating resources as much as possilbe, but it is not very practical for me to run multiple servers, so I'm wondering:
Would virtualizing machines to run different services provide enough of a security benifit to make it worthwhile to take the consequent perfomance hit entailed by virtualization? My potential server is an older machine, it has a single PIII cpu cloacked around 733Hz, it has, of course, no hardware support for virtualization and only 356 M of ddr100 ram (which I could, in principle, upgrade to 512, but I don't thin the motherboard supports more than this)
I'm pretty sure, w/o virtualization that the machine can handle the stuff I want it do, and it probably will handle it all, though with increased latency, running internal served stuff on the host OS and running internet visable stuff in a vm, but I'm not sure how much of a security improvement this would actually be (I've heard many parenthetic suggestions that virtualization provides essentially no security benifit becuase the virtualized guest still has large privilages to access the host hardware). If anybody could assist me in educating myself on the topic, I'd appreciate this.
Offline
#2 2010-02-06 13:31:49
- theslainman
- Member
- Registered: 2008-11-07
- Posts: 8
Re: How does Virtualization affect Server Security?
You could take a look at lxc or linux vserver if you only want to run linux.
Offline
#3 2010-02-10 13:34:52
- Sin.citadel
- Member
- Registered: 2008-01-22
- Posts: 267
Re: How does Virtualization affect Server Security?
Virtualization will only cripple your system as the system is too slow, and has low RAM. i would recommend that you do not use virtualization, at least until u can get some 1 GB ram, or have a processor > 2 GHz, a system with this configuration will be able to work, otherwise the VM's themselves will be too slow.
I Personally am using a 1Ghz old Pentium III CPU with 256 MB ram for my ADSL connection, i have also installed the specific servers such as Squid, DNS, DHCP and MySQL on it, and the machine works perfectly fine for my 5 computer LAN, but i m sure that it can handle more.
As For security, a properly setup server with restricted user environment for each server service and a properly configured firewall are more that enough for security, but if you still want to limit resource usage, you can use the cpulimit package which works wonders when u have a service taking cpu time from other services.
Offline
#4 2010-02-10 21:08:56
- pseudonomous
- Member
- Registered: 2008-04-23
- Posts: 349
Re: How does Virtualization affect Server Security?
For security, a properly setup server with restricted user environment
By this do you mean to suggest chrooting the various services? Or do you just mean to lock down user permissions for non-admin users on the server? (both are good ideas, I suppose)
Thanks for the tip on cpu limit, I will check the package out.
Offline
#5 2010-02-11 13:03:35
- Sin.citadel
- Member
- Registered: 2008-01-22
- Posts: 267
Re: How does Virtualization affect Server Security?
Just use restricted accounts for each service, such as proxy user for squid, dns user for dnsmasq etc, this will be quite enough in terms of security (if you have configured correctly)
Offline
#6 2010-02-11 18:30:04
- rwd
- Member
- Registered: 2009-02-08
- Posts: 664
Re: How does Virtualization affect Server Security?
You can make a linux server very secure without virtualization. I found this an interesting overview for how to secure a unix-like server and often used services. It's aimed at corporate sysadmins, so some of it is overkill for a home situation, but still useful.
Last edited by rwd (2010-02-11 19:07:10)
Offline