xen-users

RE: [Xen-users] Security audits and compliances

To: <bbmailing@xxxxxx>, <xen-users@xxxxxxxxxxxxxxxxxxx>
Subject: RE: [Xen-users] Security audits and compliances
From: "Ross S. W. Walker" <RWalker@xxxxxxxxxxxxx>
Date: Wed, 6 Aug 2008 11:46:12 -0400
bbmailing@xxxxxx wrote:
> 
> Hey guys,
> 
> I was just looking into some standards concerning the 
> certification of critical computer systems in general when I 
> thought about how this relates to virtualization. Is there 
> anyone out there who has experiences with security audits for 
> Xen like PCI-DSS? Or to put it as a general question: does 
> virtualization matter? I think it's a pretty interesting 
> question - how is the isolation between virtual machines 
> accepted with regards to security compliances?

Don't have PCI compliance experience, but I do have some
GLBA compliance experience.

> Let's have an additional example to discuss: There are two 
> networks that are generally not allowed to be directly 
> connected to one physical machine. What about creating two 
> driver domains on one physical host both having a dedicated 
> NIC connected to one of these networks. The resulting 
> security rule could be that the virtual machines are never 
> allowed to use both driver domains. Do you think this would 
> work out in a security audit?

For security, compliance or no compliance, dom0 must be treated
as a highly privileged and highly secure resource that only
a select group of individuals have access to, preferably a
group of individuals who do not have access to the domUs or
the applications that run within.

In the real world that kind of segregation of duties is hard
to attain, but all attempts must be made to try and reach
that goal. Limiting who from the admin group has the rights
to administer the virtual machine servers and by protecting
access to dom0 with local firewall, reducing attack surface
by limiting services running, assuring communications with
it are encrypted (ssh, ssl), and for domUs containing
customer information, if possible encrypting the storage
with an encryption key that only the domU admins know...

As far as network connectivity is concerned, the network
configuration and topology need to be internally
published so they can go under peer review for accuracy
and are available to auditors for review as well, but as
long as the traffic is segregated as it needs to be,
whether logically via VLANs or physically over separate
NICs, it doesn't really matter.

-Ross
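
The rule proposed in the quoted question (no guest may use both driver domains) can be checked mechanically against the guest configuration files an auditor would review. The following is an added example, not part of the original message: it assumes xm-style, Python-syntax guest configs whose `vif` entries name their driver domain with `backend=`, and the driver domain names `netdom-a` and `netdom-b` and the sample configs are constructed for illustration.

```python
import ast

# Assumed names of the two driver domains, one per isolated network.
ISOLATED_BACKENDS = ("netdom-a", "netdom-b")

# Constructed sample guest configs (xm-style, Python syntax).
SAMPLE_CONFIGS = {
    "web01": "name = 'web01'\n"
             "vif = ['mac=00:16:3e:00:00:01, bridge=xenbr0, backend=netdom-a']\n",
    "db01": "name = 'db01'\n"
            "vif = ['bridge=xenbr0, backend=netdom-b']\n",
    "bad01": "name = 'bad01'\n"
             "vif = ['bridge=xenbr0, backend=netdom-a',\n"
             "       'bridge=xenbr0, backend=netdom-b']\n",
}


def vif_backends(config_text):
    """Return the set of backend domains named in a guest config's vif list.

    The config is parsed with ast, never executed, so auditing an
    untrusted config file cannot run code on the auditing host.
    """
    backends = set()
    for node in ast.parse(config_text).body:
        if not isinstance(node, ast.Assign):
            continue
        if not any(isinstance(t, ast.Name) and t.id == "vif" for t in node.targets):
            continue
        for spec in ast.literal_eval(node.value):
            pairs = (item.partition("=") for item in spec.split(","))
            opts = {k.strip(): v.strip() for k, _, v in pairs if k.strip()}
            # A vif without backend= is served by dom0.
            backends.add(opts.get("backend", "Domain-0"))
    return backends


def audit(configs, isolated=ISOLATED_BACKENDS):
    """Map guest name -> backends for guests attached to both isolated domains."""
    violations = {}
    for name, text in configs.items():
        used = vif_backends(text)
        if all(b in used for b in isolated):
            violations[name] = sorted(used)
    return violations


if __name__ == "__main__":
    for guest, used in audit(SAMPLE_CONFIGS).items():
        print(f"VIOLATION: {guest} uses both isolated driver domains: {used}")
```
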
