xen-users
Re: [Xen-users] Xen Security
On Friday 16 July 2010 09:05:43 Jonathan Tripathy wrote:
> Hi Vern,
>
> So you think I should just set up my networking properly and forget
> about the rest? Do you feel it's OK to share the same Xen host between
> internal VMs and public VMs?
>
> Thanks
>
> On 16/07/10 02:10, Vern Burke wrote:
> > I have no idea how you could actually PROVE that there's no possible
> > way someone could break out of a dom U into the dom 0. As I've written
> > before, since Xen is out and about in such a large way (being the
> > underpinning of Amazon EC2) that if there was a major risk of this,
> > we'd have seen it happen already.
> >
> > Vern Burke
> >
> > SwiftWater Telecom
> > http://www.swiftwatertel.com
> > ISP/CLEC Engineering Services
> > Data Center Services
> > Remote Backup Services
> >
> > On 7/15/2010 7:07 PM, Jonathan Tripathy wrote:
> >> On 15/07/10 23:49, Jonathan Tripathy wrote:
> >>> Hi Everyone,
> >>>
> >>> My Xen host currently runs DomUs which contain some very sensitive
> >>> information, used by our company. I wish to use the same server to
> >>> host some VMs for some customers. If we assume that networking is set
> >>> up securely, are there any other risks that I should worry about?
> >>>
> >>> Is Xen secure regarding "breaking out" of the VM?
> >>>
> >>> Thanks
> >>>
> >>> _______________________________________________
> >>> Xen-users mailing list
> >>> Xen-users@xxxxxxxxxxxxxxxxxxx
> >>> http://lists.xensource.com/xen-users
> >>
> >> I'm running Xen 3.4.2 on CentOS 5.5 Dom0 by the way.
> >>
>
The "distance" between the hosts should be maximized, with separate
routed networks, separate storage, etc., to minimize the risks.
Personally, I would not mix the two unless I had spent a LOT of time
isolating things, just as you would do with two physical hosts.