Hello,
Basically all my internet-facing services are placed in separate thick jails. Not only to prevent dependency issues but also to improve security. My idea is that if one of the services is compromised (think poorly programmed PHP website) it will not affect the other services, let alone the host.
Now I was wondering which network option will give the best security in case an attacker gains access to a jail.
As far as I know these options are available (correct me if I am wrong):
- Create a loopback interface e.g. lo1 on the host and hook the jail up to the loopback interface
- Add an alias to the host's network interface and use the alias in the jail
- Use vnet on the host and give the jail the vnet b interface
- Use vnet on a bridged (loopback) interface of the host
The requirement is that the jail is capable of having one IPv4 and at least one IPv6 address.
From all of the options the vnet jail sounds very tempting as it almost resembles a virtual machine with its own network stack.
However, in case a jail is compromised the attacker may possibly gain root access.
How difficult is it for the attacker to follow his way before the attack is detected and more damage can be prevented?
In case of a vnet the attacker may gain access to the network because he has full access to all settings in /etc/rc concerning network.
In case of an alias / loopback the attacker will be limited to the existing network parameters the jail provides.
Dividing the internet-facing jails into different subnets for each type of service / customer will probably benefit in limiting the attack.
How does choosing the type of network for these jails improve security (in case of a successful attack)?
What are your ideas?
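For comparison, the options listed in the post written out as `jail.conf` entries. This is an added example, not part of the original post; jail names, paths, interface names (`lo1`, `em0`, `epair0`, `bridge0`) and the documentation-range addresses are assumptions.

```conf
# Constructed example for /etc/jail.conf; all names and addresses are placeholders.
exec.start = "/bin/sh /etc/rc";
exec.stop  = "/bin/sh /etc/rc.shutdown";
mount.devfs;
devfs_ruleset = 4;          # default jail ruleset from /etc/defaults/devfs.rules
allow.raw_sockets = 0;      # keep raw sockets unavailable inside the jail

# Option 1: shared host stack, addresses on a cloned loopback.
# Host rc.conf is assumed to contain: cloned_interfaces="lo1"
# The kernel restricts the jail to these addresses; root inside the jail
# cannot add addresses or change routes. Outside reachability needs NAT/rdr on the host.
web_lo {
    path = "/jails/web_lo";
    host.hostname = "web-lo.example.org";
    ip4.addr = "lo1|192.0.2.10/32";
    ip6.addr = "lo1|2001:db8::10/128";
}

# Option 2: shared host stack, alias on the host's physical interface.
# jail(8) adds the alias on start and removes it on stop.
web_alias {
    path = "/jails/web_alias";
    host.hostname = "web-alias.example.org";
    ip4.addr = "em0|192.0.2.11/32";
    ip6.addr = "em0|2001:db8::11/128";
}

# Options 3 and 4: vnet jail with its own network stack, epair "b" side
# moved into the jail, "a" side attached to a host bridge (bridge0 is
# assumed to exist already).
# Addresses are configured inside the jail (its own /etc/rc.conf), so root
# in the jail can change them: enforce filtering on the host side
# (epair0a / bridge0), not inside the jail.
web_vnet {
    path = "/jails/web_vnet";
    host.hostname = "web-vnet.example.org";
    vnet;
    vnet.interface = "epair0b";
    exec.prestart  = "ifconfig epair0 create up";
    exec.prestart += "ifconfig bridge0 addm epair0a up";
    exec.poststop  = "ifconfig epair0a destroy";
}
```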