WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-users

Re: [Xen-users] Xen Security

Jonathan Tripathy wrote:
>> One is simply to subvert the communications between the guest and the 
>> host - things like buffer overflows, code injection, etc 
> 
> Hi Simon,
> 
> You say "simply", however isn't it actually quite difficult to do the things 
> you mentioned? Reading on the CVE lists, there doesn't seem to be any current 
> known possible exploits?
> 
> Again, I'm just trying to guage how secure Xen is, and how much the experts 
> (you guys) trust it.
> 
> Thanks
> 
> 
> 
> ------------------------------------------------------------------------
> 
> _______________________________________________
> Xen-users mailing list
> Xen-users@xxxxxxxxxxxxxxxxxxx
> http://lists.xensource.com/xen-users

The "Xen Security" subject always creates a firestorm each time it hits
the list; And each time there are a plethora of opinions based on both
real and imagined exploits, etc.  None of the opinions are necessarily
wrong.  The bottom line is that you have to judge for yourself how/if
you buy each argument.

Personally, we use Xen in a strictly paravirtualized environment, Linux
only on both Dom0 and DomU's and each server (Dom0 or DomU) is
individually firewalled with iptables based on the service, source and
destination IPs.  Our machines packages are checked monthly, unless a
vulnerability in a service is announced sooner than that.  This system
has worked well for us for 2.5 plus years.  The key to that statement is
"worked well for us."  Your mileage may vary.

Thanks,
-- 
--
Steven G. Spencer, Network Administrator
KSC Corporate - The Kelly Supply Family of Companies
Office 308-382-8764 Ext. 231
Mobile 308-380-7957

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users

<Prev in Thread] Current Thread [Next in Thread>