[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [Xen-users] If Dom0 was compramised

  • To: <Xen-users@xxxxxxxxxxxxxxxxxxx>
  • From: "Jonathan Tripathy" <jonnyt@xxxxxxxxxxx>
  • Date: Thu, 20 May 2010 11:39:25 +0100
  • Cc:
  • Delivery-date: Thu, 20 May 2010 03:40:54 -0700
  • List-id: Xen user discussion <xen-users.lists.xensource.com>
  • Thread-index: Acr4BLb2wrmo1Q1xRgOZULGi2DBbLwAApjri
  • Thread-topic: [Xen-users] If Dom0 was compramised
What if I were to use this setup:
 
 
In a nutshell, run a firewall ina DomU and delegate a physicaal NIC to it (The physical NIC would have a public IP from the ISP).
Then, connect the other vifs from the firewall DomU to a bridge, which eventually connects to the LAN
 
Is this secure? I could disable ssh etc. in Dom0 and just use an old school monitor connected to the server. Is this as safe as it could be?
 
Thanks
 
From: xen-users-bounces@xxxxxxxxxxxxxxxxxxx on behalf of Olivier B.
Sent: Thu 20/05/2010 11:06
To: xen-users@xxxxxxxxxxxxxxxxxxx
Subject: Re: [Xen-users] If Dom0 was compramised

I'm not an expert, but Dom0 have access at least to the disk, the network trafic, and memory thought "xm save".
Well, it seem to be a full access no ?

Olivier

Le 20/05/2010 11:53, Jonathan Tripathy a écrit :
Hi Everyone,
 
If Dom0 were to get compramised, how bad would this be? How much access to the DomUs does Dom0 have?
 
Trying to build a strong security network here
 
Many Thanks
 
_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.