 Home |
Products |
Support |
Community |
News |
xen-users
RE: [Xen-users] Xen Security
|
I think the challenges are bigger than with separate physicals boxes. You have to approach from a theoretical point of view. It's not that because there are no breaches or exploits today, that there will never be. The theory is this: maximum seclusion is maximum security. Two separate boxes in two separate networks in let's say two separate buildings (physical security is also part of the game) will be the most secure. Xen presents an exception to this: the seclusion is created by software. In theory it is the same thing as physical seclusion, until the software fails or is compromised. Another thing is human error: you WILL make mistakes. One of those mistakes may open open the wrong port, erase the wrong LUN, bridge the wrong NIC. I've done quite some security in my time and the biggest problem is always human error. We need to humbly acknowledge this. In short: it's certainly a bigger risk, but the consequences of compromising your server might lead you to accept this risk. --------------------------------------------------------------------------------------------------------
I 100% agree with you on this :) By splitting things up, you can
limit the "damage zone". And I can see what you mean about the human area
- you really need your head screwed on when working with all this stuff!
Do people on this list generally trust Xen with their private data,
mixed with public VMs? The folks over at Slicehost, Amazon etc.. seem
to... _______________________________________________ Xen-users mailing list Xen-users@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-users |
| Previous by Date: | Re: [Xen-users] Xen Security, Bart Coninckx |
|---|---|
| Next by Date: | Re: [Xen-users] Xen Security, Bart Coninckx |
| Previous by Thread: | Re: [Xen-users] Xen Security, Bart Coninckx |
| Next by Thread: | Re: [Xen-users] Xen Security, Bart Coninckx |
| Indexes: | [Date] [Thread] [Top] [All Lists] |
