|
xen-users
Re: [Xen-users] Xen Security
On Friday 16 July 2010 12:12:45 Jonathan Tripathy wrote:
> Jonathan, I will "psychologically" shortcut your question :-) : you
> actually really want to do this and you need approval by someone of the
> list. This is not a good way to handle this matter. Think of the
> consequences of a security breach, then think about the expenses to avoid
> this and then come to a conclusion. What you are doing is bottom-up: you
> have your infrastructure and you wonder if you can bend it in such a way
> it will give you peace of mind.
>
> ---------------------------------------------------------------------------
> ---------------------------------------------------------------------------
> -----------
>
> Bart, I'm asking here because I am not aware of any Xen exploits and
> breechs, and I am trying to do research. I can't find anything useful on
> Google. I really do feel that even if I did seperate everything onto
> seperate boxes, the matter still woudn't be resolved, as if one customer
> "broke out" of their VM, they could steal other customer's data. Infact, I
> would nearly say that would be worse than if my data was stolen, as if it
> were my data that was stolen, I would only have myself to blame...
>
> Even seperating storage woudn't really help in this matter, as storage
> would still be shared among several VMs.
>
> It gets to the stage where the only secure thing to do is to avoid Xen
> altogether, and offer dedicated servers. Of course, this is not the thing
> that I want to do.
>
> There are many people on this list that offer VPS hosting services to
> untrusted customers, and I'm trying to guage what measures they take (if
> any) to prevent such exploits. From what I gather, no one does anything,
> except keep their network secure. As someone mentioned, Amazon EC2 use
> Xen, and if there was an exploit, we would have heard about it by now...
>
I think the challenges are bigger than with separate physicals boxes. You have
to approach from a theoretical point of view. It's not that because there are
no breaches or exploits today, that there will never be. The theory is this:
maximum seclusion is maximum security. Two separate boxes in two separate
networks in let's say two separate buildings (physical security is also part
of the game) will be the most secure. Xen presents an exception to this: the
seclusion is created by software. In theory it is the same thing as physical
seclusion, until the software fails or is compromised.
Another thing is human error: you WILL make mistakes. One of those mistakes
may open open the wrong port, erase the wrong LUN, bridge the wrong NIC. I've
done quite some security in my time and the biggest problem is always human
error. We need to humbly acknowledge this.
In short: it's certainly a bigger risk, but the consequences of compromising
your server might lead you to accept this risk.
_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
|
| <Prev in Thread] |
Current Thread |
[Next in Thread>
|
- RE: [Xen-users] Xen Security, (continued)
Re: [Xen-users] Xen Security, Iustin Pop
- Re: [Xen-users] Xen Security, Jonathan Tripathy
- Re: [Xen-users] Xen Security, Simon Hobson
- RE: [Xen-users] Xen Security, Jonathan Tripathy
- Re: [Xen-users] Xen Security, Fajar A. Nugraha
- RE: [Xen-users] Xen Security, Jonathan Tripathy
- Re: [Xen-users] Xen Security, Bart Coninckx
- RE: [Xen-users] Xen Security, Jonathan Tripathy
- Re: [Xen-users] Xen Security,
Bart Coninckx <=
- RE: [Xen-users] Xen Security, Jonathan Tripathy
- Re: [Xen-users] Xen Security, Bart Coninckx
- RE: [Xen-users] Xen Security, Jonathan Tripathy
- Re: [Xen-users] Xen Security, Bart Coninckx
Re: [Xen-users] Xen Security, Fajar A. Nugraha
RE: [Xen-users] Xen Security, Jonathan Tripathy
Re: [Xen-users] Xen Security, ABPNI
Re: [Xen-users] Xen Security, Fajar A. Nugraha
RE: [Xen-users] Xen Security, Jonathan Tripathy
Re: [Xen-users] Xen Security, Steve Spencer
|
|
|
Home