
RE: [Xen-users] Security audits and compliances


  • To: <bbmailing@xxxxxx>, <xen-users@xxxxxxxxxxxxxxxxxxx>
  • From: "Ross S. W. Walker" <RWalker@xxxxxxxxxxxxx>
  • Date: Wed, 6 Aug 2008 11:46:12 -0400
  • Cc:
  • Delivery-date: Wed, 06 Aug 2008 08:46:52 -0700
  • Importance: normal
  • List-id: Xen user discussion <xen-users.lists.xensource.com>
  • Priority: normal
  • Thread-index: Acj302FA7OUR6eLVRCaCK6fwnWN5gwABkYiQ
  • Thread-topic: [Xen-users] Security audits and compliances

bbmailing@xxxxxx wrote:
> 
> Hey guys,
> 
> I was just looking into some standards concerning the 
> certification of critical computer systems in general when I 
> thought about how this relates to virtualization. Is there 
> anyone out there who has experiences with security audits for 
> Xen like PCI-DSS? Or to put it as a general question: does 
> virtualization matter? I think it's a pretty interesting 
> question - how is the isolation between virtual machines 
> accepted with regards to security compliances?

Don't have PCI compliance experience, but I do have some
GLBA compliance experience.

> Let's have an additional example to discuss: There are two 
> networks that are generally not allowed to be directly 
> connected to one physical machine. What about creating two 
> driver domains on one physical host both having a dedicated 
> NIC connected to one of these networks. The resulting 
> security rule could be that the virtual machines are never 
> allowed to use both driver domains. Do you think this would 
> work out in a security audit?

For security, compliance or no compliance, dom0 must be treated
as a highly privileged and highly secure resource that only
a select group of individuals have access to, preferably a
group of individuals who do not have access to the domUs or
the applications that run within.

In the real world that kind of segregation of duties is hard
to attain, but all attempts must be made to try and reach
that goal: limiting who from the admin group has the rights
to administer the virtual machine servers, protecting
access to dom0 with a local firewall, reducing attack surface
by limiting the services running, ensuring communications with
it are encrypted (ssh, ssl), and, for domUs containing
customer information, if possible encrypting the storage
with an encryption key that only the domU admins know...

As far as network connectivity is concerned, the network
configuration and topology need to be internally
published so they can go under peer review for accuracy
and are available to auditors for review as well, but as
long as the traffic is segregated as it needs to be,
whether logically via vlans or physically over separate
NICs, it doesn't really matter.

-Ross

______________________________________________________________________
This e-mail, and any attachments thereto, is intended only for use by
the addressee(s) named herein and may contain legally privileged
and/or confidential information. If you are not the intended recipient
of this e-mail, you are hereby notified that any dissemination,
distribution or copying of this e-mail, and any attachments thereto,
is strictly prohibited. If you have received this e-mail in error,
please immediately notify the sender and permanently delete the
original and any copy or printout thereof.
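The two-driver-domain design in the quoted question, and the reply's point that the topology has to be published and reviewable, both suggest a mechanical check an auditor or peer reviewer could run over the domU configs rather than trusting a diagram. The following is an added example, not code from the original thread or from the Xen project: it parses the `vif = [...]` line of xl-style domU config files and flags any guest whose vifs are served by both driver domains. The driver domain names `netdom-a` / `netdom-b`, the bridge names and all sample configs are constructed for the illustration. The second rule (flagging a vif with no `backend=`, which xl serves from dom0) is this example's own assumption about the proposed design, where dom0 owns no NIC on either network.

```python
"""Audit check for the "no domU may use both driver domains" rule.

Assumes (hypothetical, not from the original post) two driver domains,
netdom-a and netdom-b, each owning exactly one physical NIC/bridge, and
that dom0 itself has no NIC on either restricted network.
"""
import re
from typing import Dict, List, Set

DRIVER_DOMAINS = {"netdom-a", "netdom-b"}   # assumed names
DOM0 = "Domain-0"                           # xl default vif backend

# Matches the whole vif list, even when it spans several lines.
VIF_LIST = re.compile(r"^\s*vif\s*=\s*\[([^\]]*)\]", re.M)
QUOTED = re.compile(r"""['"]([^'"]*)['"]""")


def parse_vifs(cfg_text: str) -> List[Dict[str, str]]:
    """Return one dict of key=value options per vif entry in the config."""
    m = VIF_LIST.search(cfg_text)
    if not m:
        return []                      # guest has no network at all
    vifs = []
    for entry in QUOTED.findall(m.group(1)):
        opts = {}
        for kv in entry.split(","):
            kv = kv.strip()
            if not kv:
                continue
            key, _, val = kv.partition("=")
            opts[key.strip()] = val.strip()
        vifs.append(opts)
    return vifs


def backends_used(cfg_text: str) -> Set[str]:
    """Set of backend domains serving this guest's vifs.

    xl serves a vif from dom0 when backend= is not given, so that is the
    default recorded here.
    """
    return {v.get("backend", DOM0) for v in parse_vifs(cfg_text)}


def check_domain(name: str, cfg_text: str,
                 driver_domains: Set[str] = DRIVER_DOMAINS) -> List[str]:
    """Return a list of rule violations for one guest (empty = compliant)."""
    used = backends_used(cfg_text)
    findings = []
    hit = used & driver_domains
    if len(hit) > 1:
        findings.append(f"{name}: vifs backed by both driver domains "
                        f"{sorted(hit)}; guest bridges the two networks")
    if DOM0 in used:
        # Assumption of this example: in the proposed design dom0 owns
        # no NIC on either network, so a dom0-backed vif is unexpected.
        findings.append(f"{name}: vif without backend= is served by dom0, "
                        f"which is not a driver domain in this design")
    return findings


def audit(configs: Dict[str, str]) -> Dict[str, List[str]]:
    """Run check_domain over a {guest name: config text} mapping."""
    return {name: check_domain(name, text) for name, text in configs.items()}


# Constructed sample configs (xl syntax), not from any real host.
SAMPLE_CONFIGS = {
    "web01": 'name = "web01"\n'
             'vif = [ "mac=00:16:3e:00:00:01,bridge=xenbr-a,backend=netdom-a" ]\n',
    "db01":  'name = "db01"\n'
             'vif = [\n'
             '  "bridge=xenbr-b,backend=netdom-b",\n'
             '  "bridge=xenbr-b,backend=netdom-b,mac=00:16:3e:00:00:02",\n'
             ']\n',
    "bad01": 'name = "bad01"\n'
             'vif = [ "bridge=xenbr-a,backend=netdom-a", '
             '"bridge=xenbr-b,backend=netdom-b" ]\n',
    "legacy": 'name = "legacy"\nvif = [ "bridge=xenbr0" ]\n',
    "nonet": 'name = "nonet"\ndisk = [ "phy:/dev/vg/nonet,xvda,w" ]\n',
}

if __name__ == "__main__":
    for guest, findings in audit(SAMPLE_CONFIGS).items():
        status = "OK" if not findings else "FAIL"
        print(f"{status:4} {guest}")
        for f in findings:
            print(f"      {f}")
```

On a real host the same functions can be pointed at `/etc/xen/*.cfg`; the check only catches what is declared in config, so pair it with `xl list` and `xl network-list <domain>` to confirm the running guests match the published topology.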


_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users


 

