|
|
|
|
|
|
|
|
|
|
xen-users
RE: [Xen-users] Security audits and compliances
-----Original Message-----
From: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
[mailto:xen-users-bounces@xxxxxxxxxxxxxxxxxxx] On Behalf Of bbmailing@xxxxxx
Sent: Wednesday, August 06, 2008 10:47
To: xen-users@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-users] Security audits and compliances
<snip>
Lets have an additional example to discuss: There are two networks that are
generally not allowed to be directly connected to one physical machine. What
about creating two driver domains on one physical host both having a
dedicated NIC connected to one of these networks. The resulting security
rule could be that the virtual machines are never allowed to use both driver
domains. Do you think this would work out in a security audit?
<snip>
-----Reply-----
This would probably depend who was doing what security audit. For instance,
in some security audits, the fact that an internal person could use both
driver domains in spite of rules against doing so might be unacceptable. In
another, the fact that Dom0 could potentially be compromised if a DomU was
compromised might be unacceptable, as this could allow an outside attacker
into the protected internal domain (even if they then had to compromise
another DomU from the Dom0, which I would argue would not even be
necessary). Obviously, if it is unacceptable to have a router between these
two networks, having something that could function as a router wouldn't be
acceptable regardless. In a simple security audit, these things might not
matter, but they still might be worth considering in regards to
responsibility and/or liability. That's my simple 2 cents,
Dustin
_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
|
|
|
|
|