xen-users
Re: [Xen-users] Xen Security
I'd keep it up to snuff, yes. I myself test ran each XCP release
candidate and the upgraded to the final 0.5.0 release within 24 hours of
each becoming available.
I really shudder to see people recommending running old 3.0.3 and 3.2.x
releases because that's what happens to get thrown in with the
particular Linux distribution. I think it's bad news.
Vern Burke
SwiftWater Telecom
http://www.swiftwatertel.com
Xen Cloud Control System
http://www.xencloudcontrol.com
On 7/16/2010 7:59 AM, Jonathan Tripathy wrote:
Thanks Vern,
I can indeed keep my VMs up to date, however the customers will be in
charge of their VMs so I can't upgrade theirs, however I think this is a
moot point as they will have root access anyway.
I should probably upgrade my Xen 3.4.2 to 3.4.3 then?
Thanks
------------------------------------------------------------------------
*From:* Vern Burke [mailto:vburke@xxxxxxxx]
*Sent:* Fri 16/07/2010 12:25
*To:* Jonathan Tripathy; xen-users-bounces@xxxxxxxxxxxxxxxxxxx;
Xen-users@xxxxxxxxxxxxxxxxxxx
*Subject:* Re: [Xen-users] Xen Security
I did NOT say that. Like much of the current discussion about cloud
security, it comes down to degree of likely. You are FAR more likely to
have a VM hacked directly as the result of lousy system admin practices
than you are some remote theoretical possibility of someone breaching
the hypervisor.
In my opinion, unless you're storing nuclear launch codes, keep the
cloud/hypervisor up to date, keep the guest OS up to date, and follow
system admin best practices and the chances of being hacked are
vanishingly small.
Vern
Vern Burke, SwiftWater Telecom, http://www.swiftwatertel.com
-----Original Message-----
From: Jonathan Tripathy <jonnyt@xxxxxxxxxxx>
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
Date: Fri, 16 Jul 2010 08:05:43
To: Vern Burke<vburke@xxxxxxxx>; <Xen-users@xxxxxxxxxxxxxxxxxxx>
Subject: Re: [Xen-users] Xen Security
Hi Vern,
So you think I should just set up my networking properly and forget
about the rest? Do you feel it ok to share the same Xen host with
internal VMs with public VMs?
Thanks
On 16/07/10 02:10, Vern Burke wrote:
> I have no idea how you could actually PROVE that there's no possible
> way someone could break out of a dom U into the dom 0. As I've written
> before, since Xen is out and about in such a large way (being the
> underpinning of Amazon EC2) that if there was a major risk of this,
> we'd have seen it happen already.
>
> Vern Burke
>
> SwiftWater Telecom
> http://www.swiftwatertel.com
> ISP/CLEC Engineering Services
> Data Center Services
> Remote Backup Services
>
> On 7/15/2010 7:07 PM, Jonathan Tripathy wrote:
>>
>> On 15/07/10 23:49, Jonathan Tripathy wrote:
>>> Hi Everyone,
>>>
>>> My Xen host currently run DomUs which contain some very sensitive
>>> information, used by our company. I wish to use the same server to
>>> host some VMs for some customers. If we assume that networking is set
>>> up securely, are there any other risks that I should worry about?
>>>
>>> Is Xen secure regarding "breaking out" of the VM?
>>>
>>> Thanks
>>>
>>> _______________________________________________
>>> Xen-users mailing list
>>> Xen-users@xxxxxxxxxxxxxxxxxxx
>>> http://lists.xensource.com/xen-users
>>
>> I'm running Xen 3.4.2 on CentOS 5.5 Dom0 by the way.
>>
>> _______________________________________________
>> Xen-users mailing list
>> Xen-users@xxxxxxxxxxxxxxxxxxx
>> http://lists.xensource.com/xen-users
>>
_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
|
|
|