xen-users

[Top] [All Lists]

Re: [Xen-users] Best way to use Xen to segment & protect

from [Nick Anderson]

[Permanent Link][Original]

To:	Rick Flower <rickf@xxxxxxxxxxxxx>
Subject:	Re: [Xen-users] Best way to use Xen to segment & protect
From:	Nick Anderson <nick@xxxxxxxxxxxx>
Date:	Tue, 17 Feb 2009 14:55:52 -0600
Cc:	"xen-users@xxxxxxxxxxxxxxxxxxx" <xen-users@xxxxxxxxxxxxxxxxxxx>
Delivery-date:	Tue, 17 Feb 2009 12:56:40 -0800
Envelope-to:	www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to:	<481F5E65-E562-413F-8D2C-5B1F698D6E66@xxxxxxxxxxxxx>
List-help:	<mailto:xen-users-request@lists.xensource.com?subject=help>
List-id:	Xen user discussion <xen-users.lists.xensource.com>
List-post:	<mailto:xen-users@lists.xensource.com>
List-subscribe:	<http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe:	<http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
References:	<481F5E65-E562-413F-8D2C-5B1F698D6E66@xxxxxxxxxxxxx>
Sender:	xen-users-bounces@xxxxxxxxxxxxxxxxxxx
User-agent:	Mutt/1.5.18 (2008-05-17)

On Tue, Feb 17, 2009 at 12:06:53PM -0800, Rick Flower wrote:
> Hi all...
> I'm a Xen newbie and was wondering about the merits of using Xen to  
> segment off my private data from the prying eyes & fingers of Apache/PHP 
> hackers (something that bit me recently).  If I create several DOM's -- 
> one for Apache, 1 for mail, 1 for pgsql and 1 for my private data, is 
> that a good way to ensure that IF someone gets around Apache ( for 
> instance) that my private data will not be compromised?  The server I've 
> got is a quad Xeon Proliant running FC6
> MTIA!!
> -- Rick
It would make it just as secure as having it on a separate machine.
However if your dom0 was compromised there is nothing standing in the
way to compromise all domUs. Also if there are ever any domU root
escalation issues someone attacking through your webserver would be
able to escalate to dom0 and then have access to all of your virtual
machines.
-- 
Nick Anderson <nick@xxxxxxxxxxxx>
http://www.cmdln.org

signature.asc
Description: Digital signature

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
[Xen-users] Best way to use Xen to segment & protect, Rick Flower Re: [Xen-users] Best way to use Xen to segment & protect, Nick Anderson <= Re: [Xen-users] Best way to use Xen to segment & protect, Rick Flower Re: [Xen-users] Best way to use Xen to segment & protect, Nick Anderson Re: [Xen-users] Best way to use Xen to segment & protect, weiming Re: [Xen-users] Best way to use Xen to segment & protect, Rick Flower Re: [Xen-users] Best way to use Xen to segment & protect, Simon Hobson

Previous by Date:	[Xen-users] Best way to use Xen to segment & protect, Rick Flower
Next by Date:	Re: [Xen-users] Unable to set system clock on domU, Daniel Bareiro
Previous by Thread:	[Xen-users] Best way to use Xen to segment & protect, Rick Flower
Next by Thread:	Re: [Xen-users] Best way to use Xen to segment & protect, Rick Flower
Indexes:	[Date] [Thread] [Top] [All Lists]