Xen project Mailing List

Re: [Xen-users] Xen Security

To: "Jonathan Tripathy" <jonnyt@xxxxxxxxxxx>, xen-users-bounces@xxxxxxxxxxxxxxxxxxx, Xen-users@xxxxxxxxxxxxxxxxxxx

From: "Vern Burke" <vburke@xxxxxxxx>

Date: Fri, 16 Jul 2010 11:25:39 +0000

Cc:

Delivery-date: Fri, 16 Jul 2010 04:27:03 -0700

Importance: Normal

List-id: Xen user discussion <xen-users.lists.xensource.com>

Sensitivity: Normal

I did NOT say that. Like much of the current discussion about cloud security, it comes down to degree of likely. You are FAR more likely to have a VM hacked directly as the result of lousy system admin practices than you are some remote theoretical possibility of someone breaching the hypervisor. In my opinion, unless you're storing nuclear launch codes, keep the cloud/hypervisor up to date, keep the guest OS up to date, and follow system admin best practices and the chances of being hacked are vanishingly small. Vern Vern Burke, SwiftWater Telecom, http://www.swiftwatertel.com -----Original Message----- From: Jonathan Tripathy <jonnyt@xxxxxxxxxxx> Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx Date: Fri, 16 Jul 2010 08:05:43 To: Vern Burke<vburke@xxxxxxxx>; <Xen-users@xxxxxxxxxxxxxxxxxxx> Subject: Re: [Xen-users] Xen Security Hi Vern, So you think I should just set up my networking properly and forget about the rest? Do you feel it ok to share the same Xen host with internal VMs with public VMs? Thanks On 16/07/10 02:10, Vern Burke wrote: > I have no idea how you could actually PROVE that there's no possible > way someone could break out of a dom U into the dom 0. As I've written > before, since Xen is out and about in such a large way (being the > underpinning of Amazon EC2) that if there was a major risk of this, > we'd have seen it happen already. > > Vern Burke > > SwiftWater Telecom > http://www.swiftwatertel.com > ISP/CLEC Engineering Services > Data Center Services > Remote Backup Services > > On 7/15/2010 7:07 PM, Jonathan Tripathy wrote: >> >> On 15/07/10 23:49, Jonathan Tripathy wrote: >>> Hi Everyone, >>> >>> My Xen host currently run DomUs which contain some very sensitive >>> information, used by our company. I wish to use the same server to >>> host some VMs for some customers. If we assume that networking is set >>> up securely, are there any other risks that I should worry about? >>> >>> Is Xen secure regarding "breaking out" of the VM? >>> >>> Thanks >>> >>> _______________________________________________ >>> Xen-users mailing list >>> Xen-users@xxxxxxxxxxxxxxxxxxx >>> http://lists.xensource.com/xen-users >> >> I'm running Xen 3.4.2 on CentOS 5.5 Dom0 by the way. >> >> _______________________________________________ >> Xen-users mailing list >> Xen-users@xxxxxxxxxxxxxxxxxxx >> http://lists.xensource.com/xen-users >> _______________________________________________ Xen-users mailing list Xen-users@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-users

_______________________________________________ Xen-users mailing list Xen-users@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-users

Follow-Ups:

RE: [Xen-users] Xen Security
- From: Jonathan Tripathy

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.