Comment on [deleted]
MigratingtoLemmy@lemmy.world 11 months ago
Would you have to compromise on your security according to your threat model if you ran VMs rather than dedicated devices? I’m no security engineer and I don’t know if KVM/QEMU can fit everyone’s needs, but AWS uses XCP-ng, and unless they’re using a custom version of it, all changes are pushed upstream. I’d definitely trust AWS’ underlying virtualisation layer for my VMs, but I wonder if I should go with XCP or KVM or bhyve.
This is my personal opinion, but podman’s networking seems less difficult to understand than Docker. Docker was a pain the first time I was reading about the networking in it.
Really like your setup. Do you have any plans to make it more private/secure?
easeKItMAn@lemmy.world 11 months ago
I used VMs some time ago but never managed to look deeper into separation of base vs VMs. Hence I can’t assess this reasonably.
Docker got me interested when it started and after discovering its networking capabilities I never looked back.
Basically I’m trying to minimize the possibility that by intercepting one dockerized service the attacker is able to start interacting with all devices. And I have lots of devices because of a fully automated house. ;) My paranoia will ensure the constant growth of privacy and security :)