WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-users

RE: [Xen-users] Security audits and compliances

To: <bbmailing@xxxxxx>, <xen-users@xxxxxxxxxxxxxxxxxxx>
Subject: RE: [Xen-users] Security audits and compliances
From: "Dustin Henning" <Dustin.Henning@xxxxxxxxxxx>
Date: Wed, 6 Aug 2008 11:18:43 -0400
Cc:
Delivery-date: Wed, 06 Aug 2008 08:19:26 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <1414280942@xxxxxx>
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
Organization: PRD, Inc.
References: <1414280942@xxxxxx>
Reply-to: Dustin.Henning@xxxxxxxxxxx
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
Thread-index: Acj302hLCLt1vCMKQRedytXRVu2pCgAAywGg
-----Original Message-----
From: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
[mailto:xen-users-bounces@xxxxxxxxxxxxxxxxxxx] On Behalf Of bbmailing@xxxxxx
Sent: Wednesday, August 06, 2008 10:47
To: xen-users@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-users] Security audits and compliances

<snip>

Lets have an additional example to discuss: There are two networks that are
generally not allowed to be directly connected to one physical machine. What
about creating two driver domains on one physical host both having a
dedicated NIC connected to one of these networks. The resulting security
rule could be that the virtual machines are never allowed to use both driver
domains. Do you think this would work out in a security audit?

<snip>

-----Reply-----

This would probably depend who was doing what security audit.  For instance,
in some security audits, the fact that an internal person could use both
driver domains in spite of rules against doing so might be unacceptable.  In
another, the fact that Dom0 could potentially be compromised if a DomU was
compromised might be unacceptable, as this could allow an outside attacker
into the protected internal domain (even if they then had to compromise
another DomU from the Dom0, which I would argue would not even be
necessary).  Obviously, if it is unacceptable to have a router between these
two networks, having something that could function as a router wouldn't be
acceptable regardless.  In a simple security audit, these things might not
matter, but they still might be worth considering in regards to
responsibility and/or liability.  That's my simple 2 cents,
        Dustin



_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users

<Prev in Thread] Current Thread [Next in Thread>