WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-users

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: [Xen-users] If Dom0 was compramised

from [Jonathan Tripathy] [Permanent Link][Original]
To: <Xen-users@xxxxxxxxxxxxxxxxxxx>
Subject: RE: [Xen-users] If Dom0 was compramised
From: "Jonathan Tripathy" <jonnyt@xxxxxxxxxxx>
Date: Thu, 20 May 2010 11:39:25 +0100
Cc:
Delivery-date: Thu, 20 May 2010 03:40:54 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
References: <46C13AA90DB8844DAB79680243857F0F061FCD@xxxxxxxxxxxxxxxxxxx> <4BF5099F.3000500@xxxxxxxxx>
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
Thread-index: Acr4BLb2wrmo1Q1xRgOZULGi2DBbLwAApjri
Thread-topic: [Xen-users] If Dom0 was compramised
What if I were to use this setup:
 
 
In a nutshell, run a firewall ina DomU and delegate a physicaal NIC to it (The physical NIC would have a public IP from the ISP).
Then, connect the other vifs from the firewall DomU to a bridge, which eventually connects to the LAN
 
Is this secure? I could disable ssh etc. in Dom0 and just use an old school monitor connected to the server. Is this as safe as it could be?
 
Thanks
 
From: xen-users-bounces@xxxxxxxxxxxxxxxxxxx on behalf of Olivier B.
Sent: Thu 20/05/2010 11:06
To: xen-users@xxxxxxxxxxxxxxxxxxx
Subject: Re: [Xen-users] If Dom0 was compramised

I'm not an expert, but Dom0 have access at least to the disk, the network trafic, and memory thought "xm save".
Well, it seem to be a full access no ?

Olivier

Le 20/05/2010 11:53, Jonathan Tripathy a écrit :
Hi Everyone,
 
If Dom0 were to get compramised, how bad would this be? How much access to the DomUs does Dom0 have?
 
Trying to build a strong security network here
 
Many Thanks
 
_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Xen-users] If Dom0 was compramised, Fajar A. Nugraha
Next by Date:  Re: [Xen-users] how to convert QEMU images to be used as Xen DomU's, Tapas Mishra
Previous by Thread:  Re: [Xen-users] If Dom0 was compramised, Olivier B.
Next by Thread:  [Xen-users] If a DomU was compramised.., Jonathan Tripathy
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy