
Re: [Xen-users] Xen Security



Jonathan Tripathy wrote:
>> One is simply to subvert the communications between the guest and the 
>> host - things like buffer overflows, code injection, etc 
> 
> Hi Simon,
> 
> You say "simply", however isn't it actually quite difficult to do the things 
> you mentioned? Reading on the CVE lists, there doesn't seem to be any current 
> known possible exploits?
> 
> Again, I'm just trying to gauge how secure Xen is, and how much the experts 
> (you guys) trust it.
> 
> Thanks
> 
> 
> 
> ------------------------------------------------------------------------
> 
> _______________________________________________
> Xen-users mailing list
> Xen-users@xxxxxxxxxxxxxxxxxxx
> http://lists.xensource.com/xen-users

The "Xen Security" subject always creates a firestorm each time it hits
the list, and each time there are a plethora of opinions based on both
real and imagined exploits, etc.  None of the opinions are necessarily
wrong.  The bottom line is that you have to judge for yourself how/if
you buy each argument.

Personally, we use Xen in a strictly paravirtualized environment, Linux
only on both Dom0 and DomU's and each server (Dom0 or DomU) is
individually firewalled with iptables based on the service, source and
destination IPs.  Our machines' packages are checked monthly, unless a
vulnerability in a service is announced sooner than that.  This system
has worked well for us for 2.5 plus years.  The key to that statement is
"worked well for us."  Your mileage may vary.

Thanks,
-- 
--
Steven G. Spencer, Network Administrator
KSC Corporate - The Kelly Supply Family of Companies
Office 308-382-8764 Ext. 231
Mobile 308-380-7957
