|   xen-users
RE: [Xen-users] Xen Security 
| 
As of now, is 3.4.3 free of known exploits? I understand what you 
are saying about 3.0.3 and 3.2.x as they have a couple of bad exploits...   Cheers 
 From: Vern Burke 
[mailto:vburke@xxxxxxxx]
 Sent: Fri 16/07/2010 14:15
 To: 
Jonathan Tripathy
 Cc: Xen-users@xxxxxxxxxxxxxxxxxxx
 Subject: 
Re: [Xen-users] Xen Security
 
 
 
I'd keep it up to snuff, yes. I myself test ran each XCP 
releasecandidate and the upgraded to the final 0.5.0 release within 24 hours 
of
 each becoming available.
 
 I really shudder to see people 
recommending running old 3.0.3 and 3.2.x
 releases because that's what happens 
to get thrown in with the
 particular Linux distribution. I think it's bad 
news.
 
 Vern Burke
 
 SwiftWater Telecom
 http://www.swiftwatertel.com
 Xen 
Cloud Control System
 http://www.xencloudcontrol.com
 
 On 
7/16/2010 7:59 AM, Jonathan Tripathy wrote:
 > Thanks Vern,
 > I can 
indeed keep my VMs up to date, however the customers will be in
 > charge 
of their VMs so I can't upgrade theirs, however I think this is a
 > moot 
point as they will have root access anyway.
 > I should probably upgrade my 
Xen 3.4.2 to 3.4.3 then?
 > Thanks
 >
 > 
------------------------------------------------------------------------
 > 
*From:* Vern Burke [mailto:vburke@xxxxxxxx]
 > *Sent:* Fri 
16/07/2010 12:25
 > *To:* Jonathan Tripathy; 
xen-users-bounces@xxxxxxxxxxxxxxxxxxx;
 > 
Xen-users@xxxxxxxxxxxxxxxxxxx
 > *Subject:* Re: [Xen-users] Xen 
Security
 >
 > I did NOT say that. Like much of the current discussion 
about cloud
 > security, it comes down to degree of likely. You are FAR 
more likely to
 > have a VM hacked directly as the result of lousy system 
admin practices
 > than you are some remote theoretical possibility of 
someone breaching
 > the hypervisor.
 >
 > In my opinion, unless 
you're storing nuclear launch codes, keep the
 > cloud/hypervisor up to 
date, keep the guest OS up to date, and follow
 > system admin best 
practices and the chances of being hacked are
 > vanishingly 
small.
 >
 > Vern
 >
 > Vern Burke, SwiftWater Telecom, http://www.swiftwatertel.com
 >
 > 
-----Original Message-----
 > From: Jonathan Tripathy 
<jonnyt@xxxxxxxxxxx>
 > Sender: 
xen-users-bounces@xxxxxxxxxxxxxxxxxxx
 > Date: Fri, 16 Jul 2010 
08:05:43
 > To: Vern Burke<vburke@xxxxxxxx>; 
<Xen-users@xxxxxxxxxxxxxxxxxxx>
 > Subject: Re: [Xen-users] Xen 
Security
 >
 > Hi Vern,
 >
 > So you think I should just set 
up my networking properly and forget
 > about the rest? Do you feel it ok 
to share the same Xen host with
 > internal VMs with public 
VMs?
 >
 > Thanks
 >
 >
 > On 16/07/10 02:10, Vern 
Burke wrote:
 >  > I have no idea how you could actually PROVE that 
there's no possible
 >  > way someone could break out of a dom U 
into the dom 0. As I've written
 >  > before, since Xen is out and 
about in such a large way (being the
 >  > underpinning of Amazon 
EC2) that if there was a major risk of this,
 >  > we'd have seen 
it happen already.
 >  >
 >  > Vern 
Burke
 >  >
 >  > SwiftWater Telecom
 >  
> http://www.swiftwatertel.com
 >  
> ISP/CLEC Engineering Services
 >  > Data Center 
Services
 >  > Remote Backup Services
 >  
>
 >  > On 7/15/2010 7:07 PM, Jonathan Tripathy 
wrote:
 >  >>
 >  >> On 15/07/10 23:49, Jonathan 
Tripathy wrote:
 >  >>> Hi Everyone,
 >  
>>>
 >  >>> My Xen host currently run DomUs which 
contain some very sensitive
 >  >>> information, used by our 
company. I wish to use the same server to
 >  >>> host some 
VMs for some customers. If we assume that networking is set
 >  
>>> up securely, are there any other risks that I should worry 
about?
 >  >>>
 >  >>> Is Xen secure 
regarding "breaking out" of the VM?
 >  >>>
 >  
>>> Thanks
 >  >>>
 >  >>> 
_______________________________________________
 >  >>> 
Xen-users mailing list
 >  >>> 
Xen-users@xxxxxxxxxxxxxxxxxxx
 >  >>> http://lists.xensource.com/xen-users
 >  
>>
 >  >> I'm running Xen 3.4.2 on CentOS 5.5 Dom0 by the 
way.
 >  >>
 >  >> 
_______________________________________________
 >  >> Xen-users 
mailing list
 >  >> Xen-users@xxxxxxxxxxxxxxxxxxx
 >  
>> http://lists.xensource.com/xen-users
 >  
>>
 >
 > _______________________________________________
 > 
Xen-users mailing list
 > Xen-users@xxxxxxxxxxxxxxxxxxx
 > http://lists.xensource.com/xen-users
 >
 >
 >
 > 
_______________________________________________
 > Xen-users mailing 
list
 > Xen-users@xxxxxxxxxxxxxxxxxxx
 > http://lists.xensource.com/xen-users
 
 _______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users | 
 |  |