|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-users] Xen Security
Jonathan Tripathy wrote: >> One is simply to subvert the communications between the guest and the >> host - things like buffer overflows, code injection, etc > > Hi Simon, > > You say "simply", however isn't it actually quite difficult to do the things > you mentioned? Reading on the CVE lists, there doesn't seem to be any current > known possible exploits? > > Again, I'm just trying to guage how secure Xen is, and how much the experts > (you guys) trust it. > > Thanks > > > > ------------------------------------------------------------------------ > > _______________________________________________ > Xen-users mailing list > Xen-users@xxxxxxxxxxxxxxxxxxx > http://lists.xensource.com/xen-users The "Xen Security" subject always creates a firestorm each time it hits the list; And each time there are a plethora of opinions based on both real and imagined exploits, etc. None of the opinions are necessarily wrong. The bottom line is that you have to judge for yourself how/if you buy each argument. Personally, we use Xen in a strictly paravirtualized environment, Linux only on both Dom0 and DomU's and each server (Dom0 or DomU) is individually firewalled with iptables based on the service, source and destination IPs. Our machines packages are checked monthly, unless a vulnerability in a service is announced sooner than that. This system has worked well for us for 2.5 plus years. The key to that statement is "worked well for us." Your mileage may vary. Thanks, -- -- Steven G. Spencer, Network Administrator KSC Corporate - The Kelly Supply Family of Companies Office 308-382-8764 Ext. 231 Mobile 308-380-7957 _______________________________________________ Xen-users mailing list Xen-users@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-users
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |