|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-users] Xen Security
On Friday 16 July 2010 12:27:46 Jonathan Tripathy wrote: > I think the challenges are bigger than with separate physicals boxes. You > have to approach from a theoretical point of view. It's not that because > there are no breaches or exploits today, that there will never be. The > theory is this: maximum seclusion is maximum security. Two separate boxes > in two separate networks in let's say two separate buildings (physical > security is also part of the game) will be the most secure. Xen presents > an exception to this: the seclusion is created by software. In theory it > is the same thing as physical seclusion, until the software fails or is > compromised. > Another thing is human error: you WILL make mistakes. One of those mistakes > may open open the wrong port, erase the wrong LUN, bridge the wrong NIC. > I've done quite some security in my time and the biggest problem is always > human error. We need to humbly acknowledge this. > In short: it's certainly a bigger risk, but the consequences of > compromising your server might lead you to accept this risk. > > --------------------------------------------------------------------------- > ----------------------------- > > I 100% agree with you on this :) By splitting things up, you can limit the > "damage zone". And I can see what you mean about the human area - you > really need your head screwed on when working with all this stuff! > > Do people on this list generally trust Xen with their private data, mixed > with public VMs? The folks over at Slicehost, Amazon etc.. seem to... > I would be surprised if Amazon does this. Only their management stuff will be connected to the pulbic infrastructure. _______________________________________________ Xen-users mailing list Xen-users@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-users
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |