[Info-vax] Baremetal emulators, was: Re: Alpha emulator for OSX

Kerry Main kerry.main at backtothefutureit.com
Wed Feb 10 08:50:19 EST 2016


> -----Original Message-----
> From: Info-vax [mailto:info-vax-bounces at info-vax.com] On Behalf Of
> Chris Scheers via Info-vax
> Sent: 09-Feb-16 8:54 PM
> To: info-vax at info-vax.com
> Cc: Chris Scheers <chris at applied-synergy.com>
> Subject: Re: [New Info-vax] Baremetal emulators, was: Re: Alpha
> emulator for OSX
> 
> Stephen Hoffman wrote:
> 
> > As for the more general issues, there's also that somebody — AVT most
> > likely, for this case — now has to maintain that Linux stack underneath
> > the emulation. With the more traditional definition of "bare metal",
> > the only product patches that are necessary are specific to emulator
> > issues. With the AVT distros, you're still going to need Linux network
> > stack and IP stack and kernel patches, probably also patches related to
> > TLS (as the network connections are or should be encrypted) and maybe
> > certificate updates, and those patches associated with any of the active
> > management or logging services or other ports that might be open within
> > the Linux portion of the stack.
> 
> It's not necessary for a "near bare metal" OS beneath an emulation to
> even have a stack to maintain.  There are many advantages to not having
> one.
> 
> Done correctly, the underlying OS is just used as a hardware abstraction
> layer.  It does not need a network stack.  It just needs a way, e.g.,
> PCAP, to allow the emulation access to the network card.  Then all
> packets on the wire actually go to/from the emulation and never touch
> the underlying OS.
> 
> Where the underlying OS is never exposed to the external world, I don't
> see a big need for updates.
> 
> Of course, you do need to ensure that the underlying OS is indeed not
> exposed.
> 

Let's not forget that the biggest issue for most security folks these days
is how to stop internal threats, so if an OS is accessible in any way from
the internal network (monitoring?), or even if USBs are used, then it
needs to be protected, and installing applicable security patches on a
regular basis is not something to be ignored.

SCADA security issues in the press come to mind ...

Regards,

Kerry Main
Kerry dot main at starkgaming dot com
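
The thread turns on whether the OS beneath the emulator is actually reachable from the internal network. As an added example (not part of the original thread, and not code from any emulator vendor), this sketch parses the Linux `/proc/net/tcp` table format and reports listening sockets bound to anything other than loopback. It assumes a little-endian Linux host; the sample table is constructed for illustration.

```python
"""Flag TCP listeners on the emulator host that are bound to non-loopback addresses.
Input is text in the Linux /proc/net/tcp or /proc/net/tcp6 table format."""
import ipaddress
import struct
import sys

LISTEN = "0A"  # TCP_LISTEN state code used in /proc/net/tcp

# Constructed sample table (not captured from a real host).
SAMPLE_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0019 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001 1
   1: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1002 1
   2: 0A01A8C0:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1003 1
   3: 0A01A8C0:0016 1401A8C0:D431 01 00000000:00000000 00:00000000 00000000     0        0 1004 1
"""


def decode_addr(hex_addr):
    """Convert the kernel's hex address (host-order 32-bit words) to an IP object."""
    raw = bytes.fromhex(hex_addr)
    # Assumption: little-endian host, so each 32-bit word is byte-swapped.
    words = struct.unpack("<%dI" % (len(raw) // 4), raw)
    return ipaddress.ip_address(struct.pack(">%dI" % len(words), *words))


def exposed_listeners(table_text):
    """Return sorted (address, port) pairs for LISTEN sockets not bound to loopback."""
    found = set()
    for line in table_text.splitlines():
        fields = line.split()
        # Data rows start with "N:"; the header row does not.
        if len(fields) < 4 or not fields[0].rstrip(":").isdigit():
            continue
        if fields[3] != LISTEN:
            continue  # established or closing connections are not listeners
        hex_addr, hex_port = fields[1].split(":")
        addr = decode_addr(hex_addr)
        if not addr.is_loopback:
            found.add((str(addr), int(hex_port, 16)))
    return sorted(found)


if __name__ == "__main__":
    for path in sys.argv[1:] or ["/proc/net/tcp", "/proc/net/tcp6"]:
        try:
            with open(path) as fh:
                for addr, port in exposed_listeners(fh.read()):
                    print(f"{path}: LISTEN on {addr}:{port}")
        except OSError:
            pass  # table not present on this host
```

An empty result covers TCP listeners only; UDP sockets and local access paths such as USB are outside what these tables show.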





