|
|
|
|
|
|
|
|
|
|
xen-users
Re: [Xen-users] Xen Security
On Fri, Jul 16, 2010 at 12:49 AM, Jonathan Tripathy <jonnyt@xxxxxxxxxxx> wrote:
> Hi Everyone,
>
> My Xen host currently run DomUs which contain some very sensitive
> information, used by our company. I wish to use the same server to host some
> VMs for some customers. If we assume that networking is set up securely, are
> there any other risks that I should worry about?
>
> Is Xen secure regarding "breaking out" of the VM?
>
> Thanks
>
> _______________________________________________
a XEN domU is "just another PC", when it comes to the networking side
of things. i.e. a user can "breakout" if he wants to and ultimately
you should handle the network security as you would with normal
servers.
How do you secure your normal sensitive network server from client
servers? Deal with XEN in the same way :) Setup decent firewalling. We
actually put some of our sensitive domU's on a different network
subnet, and block routing from client VM's to that subnet. So if they
wanted to break in, they would have todo it from outside our network,
at which point our firewalls take care of the rest.
--
Kind Regards
Rudi Ahlers
SoftDux
Website: http://www.SoftDux.com
Technical Blog: http://Blog.SoftDux.com
Office: 087 805 9573
Cell: 082 554 7532
_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
|
|
|
|
|