Xen project Mailing List

Re: [Xen-users] Xen Security

From: Bart Coninckx <bart.coninckx@xxxxxxxxxx>

Date: Fri, 16 Jul 2010 11:57:41 +0200

Cc: Vern Burke <vburke@xxxxxxxx>, Jonathan Tripathy <jonnyt@xxxxxxxxxxx>

Delivery-date: Fri, 16 Jul 2010 03:00:17 -0700

List-id: Xen user discussion <xen-users.lists.xensource.com>

On Friday 16 July 2010 09:05:43 Jonathan Tripathy wrote: > Hi Vern, > > So you think I should just set up my networking properly and forget > about the rest? Do you feel it ok to share the same Xen host with > internal VMs with public VMs? > > Thanks > > On 16/07/10 02:10, Vern Burke wrote: > > I have no idea how you could actually PROVE that there's no possible > > way someone could break out of a dom U into the dom 0. As I've written > > before, since Xen is out and about in such a large way (being the > > underpinning of Amazon EC2) that if there was a major risk of this, > > we'd have seen it happen already. > > > > Vern Burke > > > > SwiftWater Telecom > > http://www.swiftwatertel.com > > ISP/CLEC Engineering Services > > Data Center Services > > Remote Backup Services > > > > On 7/15/2010 7:07 PM, Jonathan Tripathy wrote: > >> On 15/07/10 23:49, Jonathan Tripathy wrote: > >>> Hi Everyone, > >>> > >>> My Xen host currently run DomUs which contain some very sensitive > >>> information, used by our company. I wish to use the same server to > >>> host some VMs for some customers. If we assume that networking is set > >>> up securely, are there any other risks that I should worry about? > >>> > >>> Is Xen secure regarding "breaking out" of the VM? > >>> > >>> Thanks > >>> > >>> _______________________________________________ > >>> Xen-users mailing list > >>> Xen-users@xxxxxxxxxxxxxxxxxxx > >>> http://lists.xensource.com/xen-users > >> > >> I'm running Xen 3.4.2 on CentOS 5.5 Dom0 by the way. > >> > >> _______________________________________________ > >> Xen-users mailing list > >> Xen-users@xxxxxxxxxxxxxxxxxxx > >> http://lists.xensource.com/xen-users > > _______________________________________________ > Xen-users mailing list > Xen-users@xxxxxxxxxxxxxxxxxxx > http://lists.xensource.com/xen-users > The "distance" in between the hosts should be maximized, being a seperate routed networks, seperate storage etc to have the risks minimized. Personally, I would not mix the two, unless having spent a LOT of time in isolating things, just as you would do with two physical hosts. _______________________________________________ Xen-users mailing list Xen-users@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-users

Follow-Ups:

RE: [Xen-users] Xen Security
- From: Jonathan Tripathy

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.