|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-users] Newbie query - Xen and security
Andy Elvey wrote: I have a query re Xen and security. If I'm using the 'net (browsing, email) while I'm running a Xen-enabled kernel, does that make it more difficult for the bad guys out there to pop a rootkit or virus onto my PC? I tend to envision Xen as making everything "virtual", so that if they did try to rootkit my PC, they couldn't actually _install_ it onto my system, (as I'm running a "virtual environment" ). So, if I understand correctly, any "damage" that they try to do is *totally* limited to the session I'm running, and when I next fire up my PC, all will be well. Practically speaking, Xen doesn't really do what you describe. Xen is not a silver bullet when it comes to security. It's all about how you use it. For the scenario you describe, your as safe in Xen as you would be in Linux (it all depends on what you run as root in Linux and what you run in dom0 in Xen). What Xen allows you to do, from a security perspective, that something like Linux doesn't really is to run two virtual machines and have them be isolated from themselves. Even if you used multiple users in Linux, you're sharing a considerable amount of resources between the two users which makes total isolation difficult. Isolation in Xen is much easier because there's almost no shared resources. When it comes from protecting you from external attackers, Xen is no different than Linux. An admitted simplification but I think you get the idea. Regards, Anthony Liguori Is my description pretty much accurate? Very many thanks in advance for your replies!Bye for now - - Andy _______________________________________________ Xen-users mailing list Xen-users@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-users _______________________________________________ Xen-users mailing list Xen-users@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-users
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |