RE: [Xen-users] Xen Security
How do you secure your normal sensitive network server from client servers? Deal with XEN in the same way :) Set up decent firewalling. We actually put some of our sensitive domUs on a different network subnet, and block routing from client VMs to that subnet. So if they wanted to break in, they would have to do it from outside our network, at which point our firewalls take care of the rest.
--------------------------------------------------------------------------------------------------
Hi Rudi,
Even though all internal and customer (untrusted) VMs are on the
same box, there is indeed firewalling between them. I have a pfsense firewall
domU set up, as well as iptables on the Dom0, to prevent the public VMs from
accessing the internal ones. The public VMs are on a public subnet (which is
actually bridged with the "WAN" side of the firewall), while the internal ones
are on a private subnet, so breaking in would have to be done from "outside" the
firewall as well.
My main concern was some Xen exploit that would allow a DomU user
access to Dom0...
Thanks
_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
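
Added example, not part of the original thread: one way to check that a Dom0 FORWARD chain of the kind described in the reply really blocks public domUs from opening connections to internal ones, by running a first-match evaluation over an `iptables-save` dump. The subnets, both sample rulesets and the function names are assumptions constructed for illustration.

```python
import ipaddress
import shlex

# Constructed Dom0 FORWARD chains in iptables-save format. Assumed addressing:
# 203.0.113.0/24 = public (customer) domUs, 10.0.0.0/24 = internal domUs.
HEADER = "*filter\n:FORWARD DROP [0:0]\n-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT\n"
GOOD = HEADER + """-A FORWARD -s 203.0.113.0/24 -d 10.0.0.0/24 -j DROP
-A FORWARD -s 203.0.113.0/24 -j ACCEPT
-A FORWARD -s 10.0.0.0/24 -j ACCEPT
COMMIT
"""
# Same rules, but the broad ACCEPT for the public subnet comes first and shadows the DROP.
SHADOWED = HEADER + """-A FORWARD -s 203.0.113.0/24 -j ACCEPT
-A FORWARD -s 203.0.113.0/24 -d 10.0.0.0/24 -j DROP
-A FORWARD -s 10.0.0.0/24 -j ACCEPT
COMMIT
"""

def _opt(tok, *names, default=None):
    """Return the argument following the first of `names` present in tok."""
    for name in names:
        if name in tok:
            return tok[tok.index(name) + 1]
    return default

def new_connection_verdict(dump, src, dst):
    """First-match verdict for a NEW forwarded connection src -> dst."""
    # Only -s, -d, -j and --state/--ctstate are parsed; other matches are ignored.
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    policy = "ACCEPT"
    for line in dump.splitlines():
        tok = shlex.split(line)
        if line.startswith(":FORWARD"):
            policy = tok[1]
        if tok[:2] != ["-A", "FORWARD"]:
            continue
        states = _opt(tok, "--state", "--ctstate")
        if states and "NEW" not in states.split(","):
            continue  # e.g. RELATED,ESTABLISHED never matches a new connection
        target = _opt(tok, "-j", "--jump")
        if target not in ("ACCEPT", "DROP", "REJECT"):
            continue  # LOG and jumps to user-defined chains are not followed here
        if (s in ipaddress.ip_network(_opt(tok, "-s", default="0.0.0.0/0"))
                and d in ipaddress.ip_network(_opt(tok, "-d", default="0.0.0.0/0"))):
            return target
    return policy

if __name__ == "__main__":
    for name, dump in (("good", GOOD), ("shadowed", SHADOWED)):
        print(name, new_connection_verdict(dump, "203.0.113.10", "10.0.0.5"))
```

Because unparsed matches are ignored, a rule is treated as broader than it really is, so the check errs toward reporting exposure rather than hiding it.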