|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-users] Ideal(istic) Xen firewall design
On Mon, Aug 15, 2005 at 09:34:10AM +1200, Mike Tierney wrote: > But it is still tempting to just do away with the seperate firewall vm and > do all the firewalling in Dom0! That seems perfectly reasonable to me for a filtering router sort of firewall with no exposed services. Unless you're going to make dom0 itself console-only access (with good physical security on that access), I can't see where it does much good to push the filtering into a domU. Of course if you're shutting down and restarting the filtering firewall, you'd probably better be accessing dom0 from console anyway. :-/ Frankly, if you have *any* non-console access to dom0 (or poor physical security), I would expect that to be a bigger threat than a break-in through the kernel's IP stack/netfilter. But there's no one right answer - it really depends on your specific threat model and all the rest of that stuff that we all prefer not to quantify because it's so much work to get results that you know have a lot of best guesses and estimates in 'em... But without that judging the tradeoff is *really* guesswork. -- In software as well as in modern art, the distinction between intentional and accidental omissions is often difficult to make. -- Andrew Hunt & David Thomas _______________________________________________ Xen-users mailing list Xen-users@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-users
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |