WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-users

[Xen-users] Security audits and compliances

To: xen-users@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-users] Security audits and compliances
From: bbmailing@xxxxxx
Date: Wed, 06 Aug 2008 16:47:13 +0200
Delivery-date: Wed, 06 Aug 2008 07:47:53 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
Organization: http://freemail.web.de/
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
Hey guys,

I was just looking into some standards concerning the certification of critical 
computer systems in general when I thought about how this relates to 
virtualization. Is there anyone out there who has experiences with security 
audits for Xen like PCI-DSS? Or to put it as a general question: does 
virtualization matter? I think its a pretty interesting question - how is the 
isolation between virtual machines accepted with regards to security 
compliances?

Lets have an additional example to discuss: There are two networks that are 
generally not allowed to be directly connected to one physical machine. What 
about creating two driver domains on one physical host both having a dedicated 
NIC connected to one of these networks. The resulting security rule could be 
that the virtual machines are never allowed to use both driver domains. Do you 
think this would work out in a security audit?

Looking forward to an interesting discussion...

Best regards,
Bjoern
________________________________________________________________________
Schon gehört? Bei WEB.DE gibt' s viele kostenlose Spiele:
http://games.entertainment.web.de/de/entertainment/games/free/index.html


_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users

<Prev in Thread] Current Thread [Next in Thread>