xen-users
Re: [Xen-users] Ideal(istic) Xen firewall design
On Mon, Aug 15, 2005 at 09:34:10AM +1200, Mike Tierney wrote:
> But it is still tempting to just do away with the separate firewall vm and
> do all the firewalling in Dom0!
That seems perfectly reasonable to me for a filtering router sort of
firewall with no exposed services. Unless you're going to make dom0
itself console-only access (with good physical security on that
access), I can't see where it does much good to push the filtering into
a domU. Of course if you're shutting down and restarting the filtering
firewall, you'd probably better be accessing dom0 from console
anyway. :-/
Frankly, if you have *any* non-console access to dom0 (or poor physical
security), I would expect that to be a bigger threat than a break-in
through the kernel's IP stack/netfilter. But there's no one right
answer - it really depends on your specific threat model and all the
rest of that stuff that we all prefer not to quantify because it's so
much work to get results that you know have a lot of best guesses and
estimates in 'em... But without that judging the tradeoff is *really*
guesswork.
--
In software as well as in modern art,
the distinction between intentional and accidental omissions
is often difficult to make. -- Andrew Hunt & David Thomas
_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users