[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-users] Re: firewalls and Xen

To: Molle Bestefich <molle.bestefich@xxxxxxxxx>
From: Tom Eastep <teastep@xxxxxxxxxxxxx>
Date: Fri, 07 Jul 2006 18:24:30 -0700
Cc: Luke <secureboot@xxxxxxxxx>, Daniel Goertzen <goertzen@xxxxxxxx>, Patrick Wolfe <pwolfe@xxxxxxxxxxxxxx>, xen-users@xxxxxxxxxxxxxxxxxxx
Delivery-date: Fri, 07 Jul 2006 18:25:20 -0700
List-id: Xen user discussion <xen-users.lists.xensource.com>

Molle Bestefich wrote:
>
> 
> I'm thinking that if one domU is breached, a hacker will have total
> freedom to poke at any ports on any of the other domUs regardless of
> the firewall.

I disagree.In the topology presented in
http://www.shorewall.net/XenMyWay.html, a breach of the most vulnerable
domU (the 'lists' domain) cannot compromise any of the other domUs or
the dom0 or any of the local systems.

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@xxxxxxxxxxxxx
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users

Follow-Ups:
- Re: [Xen-users] Re: firewalls and Xen
  - From: Emiliano Gabrielli

References:
- [Xen-users] Re: firewalls and Xen
  - From: Molle Bestefich

Prev by Date: RE: [Xen-users] can't create WinXP or Win2003 VMX
Next by Date: [Xen-users] sched-sedf with multiple cpu's
Previous by thread: [Xen-users] Re: firewalls and Xen
Next by thread: Re: [Xen-users] Re: firewalls and Xen
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.