|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [Xen-users] Security audits and compliances
-----Original Message----- From: xen-users-bounces@xxxxxxxxxxxxxxxxxxx [mailto:xen-users-bounces@xxxxxxxxxxxxxxxxxxx] On Behalf Of bbmailing@xxxxxx Sent: Wednesday, August 06, 2008 10:47 To: xen-users@xxxxxxxxxxxxxxxxxxx Subject: [Xen-users] Security audits and compliances <snip> Lets have an additional example to discuss: There are two networks that are generally not allowed to be directly connected to one physical machine. What about creating two driver domains on one physical host both having a dedicated NIC connected to one of these networks. The resulting security rule could be that the virtual machines are never allowed to use both driver domains. Do you think this would work out in a security audit? <snip> -----Reply----- This would probably depend who was doing what security audit. For instance, in some security audits, the fact that an internal person could use both driver domains in spite of rules against doing so might be unacceptable. In another, the fact that Dom0 could potentially be compromised if a DomU was compromised might be unacceptable, as this could allow an outside attacker into the protected internal domain (even if they then had to compromise another DomU from the Dom0, which I would argue would not even be necessary). Obviously, if it is unacceptable to have a router between these two networks, having something that could function as a router wouldn't be acceptable regardless. In a simple security audit, these things might not matter, but they still might be worth considering in regards to responsibility and/or liability. That's my simple 2 cents, Dustin _______________________________________________ Xen-users mailing list Xen-users@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-users
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |