|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-users] Running workstation and firewall on the same hardware
Mark Williamson wrote: > the case of the firewall domain being compromised, however, a "sufficiently > clever" attacker can probably abuse the DMA engine of the network card to > "break out" of the domU. This is interesting. How robust is the isolation between domains and what are the possible risks? From what you wrote it seems that allowing domU access to the hardware is more risky than passing all packets to domU through dom0. Say that I've got two domUs - one in DMZ and one in the Intranet, DMZ-domU has a dedicated NIC, intra-domU uses vif provided by dom0. What are the risks of breaking out of DMZ to the Intranet? Michal Ludvig -- * Personal homepage: http://www.logix.cz/michal _______________________________________________ Xen-users mailing list Xen-users@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-users
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |