| |
|
 |
|
 |
|
|
|
| |
|
|
xen-users
RE: [Xen-users] Xen Security
|
From: Bart Coninckx
[mailto:bart.coninckx@xxxxxxxxxx]
Sent: Fri 16/07/2010
11:39
To: Jonathan Tripathy
Cc:
xen-users@xxxxxxxxxxxxxxxxxxx
Subject: Re: [Xen-users] Xen
Security
On Friday 16 July 2010 12:27:46 Jonathan Tripathy wrote:
>
I think the challenges are bigger than with separate physicals boxes.
You
> have to approach from a theoretical point of view. It's not
that because
> there are no breaches or exploits today, that there
will never be. The
> theory is this: maximum seclusion is maximum
security. Two separate boxes
> in two separate networks in let's say
two separate buildings (physical
> security is also part of the
game) will be the most secure. Xen presents
> an exception to
this: the seclusion is created by software. In theory it
> is the
same thing as physical seclusion, until the software fails or is
>
compromised.
> Another thing is human error: you WILL make mistakes. One
of those mistakes
> may open open the wrong port, erase the wrong LUN,
bridge the wrong NIC.
> I've done quite some security in my time and
the biggest problem is always
> human error. We need to humbly
acknowledge this.
> In short: it's certainly a bigger risk, but the
consequences of
> compromising your server might lead you to accept
this risk.
>
>
---------------------------------------------------------------------------
>
-----------------------------
>
> I 100% agree with you on this :)
By splitting things up, you can limit the
> "damage zone". And
I can see what you mean about the human area - you
> really need
your head screwed on when working with all this stuff!
>
> Do people
on this list generally trust Xen with their private data, mixed
>
with public VMs? The folks over at Slicehost, Amazon etc.. seem
to...
>
I would be surprised if Amazon does this. Only their
management stuff will be
connected to the pulbic
infrastructure.
-----------------------------------------------------------------------------------------------------------------------------
Ah, sorry I wasn't suggesting that Amazon's web shop runs on
their EC2 cloud. I was just simply stating that Amazon seem to trust Xen with a
mixture of customer VMs, that's all
_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
|
| <Prev in Thread] |
Current Thread |
[Next in Thread>
|
- Re: [Xen-users] Xen Security, (continued)
- Re: [Xen-users] Xen Security, Jonathan Tripathy
- Re: [Xen-users] Xen Security, Simon Hobson
- RE: [Xen-users] Xen Security, Jonathan Tripathy
- Re: [Xen-users] Xen Security, Fajar A. Nugraha
- RE: [Xen-users] Xen Security, Jonathan Tripathy
- Re: [Xen-users] Xen Security, Bart Coninckx
- RE: [Xen-users] Xen Security, Jonathan Tripathy
- Re: [Xen-users] Xen Security, Bart Coninckx
- RE: [Xen-users] Xen Security, Jonathan Tripathy
- Re: [Xen-users] Xen Security, Bart Coninckx
- RE: [Xen-users] Xen Security,
Jonathan Tripathy <=
- Re: [Xen-users] Xen Security, Bart Coninckx
- Re: [Xen-users] Xen Security, Fajar A. Nugraha
- RE: [Xen-users] Xen Security, Jonathan Tripathy
- Re: [Xen-users] Xen Security, ABPNI
- Re: [Xen-users] Xen Security, Fajar A. Nugraha
- RE: [Xen-users] Xen Security, Jonathan Tripathy
- Re: [Xen-users] Xen Security, Steve Spencer
- RE: [Xen-users] Xen Security, Simon Hobson
Re: [Xen-users] Xen Security, Rudi Ahlers
|
|
|
| |
|
Home