WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-users

Re: [Xen-users] Xen Security

To: Jonathan Tripathy <jonnyt@xxxxxxxxxxx>
Subject: Re: [Xen-users] Xen Security
From: Rudi Ahlers <Rudi@xxxxxxxxxxx>
Date: Fri, 16 Jul 2010 09:19:52 +0200
Cc: Xen-users@xxxxxxxxxxxxxxxxxxx
Delivery-date: Fri, 16 Jul 2010 00:21:35 -0700
Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=default; d=softdux.com; h=MIME-Version:In-Reply-To:References:From:Date:Message-ID:Subject:To:Cc:Content-Type:X-Assp-Whitelisted:X-Assp-Envelope-From:X-Assp-Intended-For:X-Source:X-Source-Args:X-Source-Dir; b=CLc4uDp+ZS3JUncGVfbomib1b810/Fw/ZPRpDgFroXka45lJqBS0tpr6r6t8UFpJvDTQMzRvM1Oewjy7yFyJJ3CjvdSOHMRs8fypJcfVs1gHUZAkAL4Gh5tc+/mPefG1;
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <4C3F905E.9030100@xxxxxxxxxxx>
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
References: <4C3F905E.9030100@xxxxxxxxxxx>
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
On Fri, Jul 16, 2010 at 12:49 AM, Jonathan Tripathy <jonnyt@xxxxxxxxxxx> wrote:
> Hi Everyone,
>
> My Xen host currently run DomUs which contain some very sensitive
> information, used by our company. I wish to use the same server to host some
> VMs for some customers. If we assume that networking is set up securely, are
> there any other risks that I should worry about?
>
> Is Xen secure regarding "breaking out" of the VM?
>
> Thanks
>
> _______________________________________________


a XEN domU is "just another PC", when it comes to the networking side
of things. i.e. a user can "breakout" if he wants to and ultimately
you should handle the network security as you would with normal
servers.

How do you secure your normal sensitive network server from client
servers? Deal with XEN in the same way :) Setup decent firewalling. We
actually put some of our sensitive domU's on a different network
subnet, and block routing from client VM's to that subnet. So if they
wanted to break in, they would have todo it from outside our network,
at which point our firewalls take care of the rest.



-- 
Kind Regards
Rudi Ahlers
SoftDux

Website: http://www.SoftDux.com
Technical Blog: http://Blog.SoftDux.com
Office: 087 805 9573
Cell: 082 554 7532

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users

<Prev in Thread] Current Thread [Next in Thread>