On Friday 16 July 2010 12:27:46 Jonathan Tripathy wrote:
> I think the challenges are bigger than with separate physical boxes. You
> have to approach from a theoretical point of view. It's not that because
> there are no breaches or exploits today, that there will never be. The
> theory is this: maximum seclusion is maximum security. Two separate boxes
> in two separate networks in let's say two separate buildings (physical
> security is also part of the game) will be the most secure. Xen presents
> an exception to this: the seclusion is created by software. In theory it
> is the same thing as physical seclusion, until the software fails or is
> compromised.
> Another thing is human error: you WILL make mistakes. One of those mistakes
> may open the wrong port, erase the wrong LUN, bridge the wrong NIC.
> I've done quite some security in my time and the biggest problem is always
> human error. We need to humbly acknowledge this.
> In short: it's certainly a bigger risk, but the consequences of
> compromising your server might lead you to accept this risk.
>
> ---------------------------------------------------------------------------
>
> I 100% agree with you on this :) By splitting things up, you can limit the
> "damage zone". And I can see what you mean about the human area - you
> really need your head screwed on when working with all this stuff!
>
> Do people on this list generally trust Xen with their private data, mixed
> with public VMs? The folks over at Slicehost, Amazon etc. seem to...
>
I would be surprised if Amazon does this. Only their management stuff will be
connected to the public infrastructure.
-----------------------------------------------------------------------------------------------------------------------------
Ah, sorry I wasn't suggesting that Amazon's web shop runs on their EC2 cloud.
I was just simply stating that Amazon seem to trust Xen with a mixture of
customer VMs, that's all