WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-users

RE: [Xen-users] RE: If a DomU was compramised..

To: <matt@xxxxxxxxxxxxxxxxxx>, <vburke@xxxxxxxx>
Subject: RE: [Xen-users] RE: If a DomU was compramised..
From: Jeff Sturm <jeff.sturm@xxxxxxxxxx>
Date: Thu, 20 May 2010 12:25:36 -0400
Cc: xen-users-bounces@xxxxxxxxxxxxxxxxxxx, Jonathan Tripathy <jonnyt@xxxxxxxxxxx>, xen-users@xxxxxxxxxxxxxxxxxxx
Delivery-date: Thu, 20 May 2010 09:27:58 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <319c2e5b66d09eeea2db5ea10b7e5461.squirrel@xxxxxxxxxxxxxxxxxxxxxx>
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
References: <46C13AA90DB8844DAB79680243857F0F061FD0@xxxxxxxxxxxxxxxxxxx><5DB0519124BB3D4DBEEB14426D4AC7EA17E924DAF8@xxxxxxxxxxxxxxxxxxxxx><46C13AA90DB8844DAB79680243857F0F061FD3@xxxxxxxxxxxxxxxxxxx><60154c577b6ed8a864e1178d234da21d.squirrel@xxxxxxxxxxxxxxxxxxxxxx><46C13AA90DB8844DAB79680243857F0F061FD5@xxxxxxxxxxxxxxxxxxx><30b387284de5988cb98227695ccb5339.squirrel@xxxxxxxxxxxxxxxxxxxxxx><46C13AA90DB8844DAB79680243857F0F061FD9@xxxxxxxxxxxxxxxxxxx><292698811-1274370456-cardhu_decombobulator_blackberry.rim.net-2007909532-@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> <319c2e5b66d09eeea2db5ea10b7e5461.squirrel@xxxxxxxxxxxxxxxxxxxxxx>
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
Thread-index: Acr4NREwTOwsgv3bRF+O3Bo2oItA6AAApUfQ
Thread-topic: [Xen-users] RE: If a DomU was compramised..
> -----Original Message-----
> From: xen-users-bounces@xxxxxxxxxxxxxxxxxxx [mailto:xen-users-
> bounces@xxxxxxxxxxxxxxxxxxx] On Behalf Of Matthew Law
> Sent: Thursday, May 20, 2010 11:55 AM
> To: vburke@xxxxxxxx
> Cc: xen-users-bounces@xxxxxxxxxxxxxxxxxxx; Jonathan Tripathy; xen-
> users@xxxxxxxxxxxxxxxxxxx
> Subject: Re: [Xen-users] RE: If a DomU was compramised..
> 
> I agree with Vern although I would go as far as to say that even with
> exceptionally good security and admin practices in place I think that
if
> someone really wants to get in and has the skill, they will,
eventually.

Indeed.  The security of any host tends to be only as good as the
network, storage device, and physical facilities.  If you can compromise
any of those, then little else matters.

I don't think virtualization has much to do with this argument.  Most
data centers have some systems in place for remote access, such as KVM
over IP, and it seems certain these have also been targeted for
vulnerabilities.  I don't have any technical basis to trust a hypervisor
less than a serial console or KVM.

-Jeff



_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users