[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-users] Virtual Air Gap

To: CHATLINE UCR <ucrchatline@xxxxxxxxx>
From: "Fajar A. Nugraha" <list@xxxxxxxxx>
Date: Wed, 24 Dec 2014 20:09:14 +0700
Cc: "xen-users@xxxxxxxxxxxxx" <xen-users@xxxxxxxxxxxxx>
Delivery-date: Wed, 24 Dec 2014 13:09:40 +0000
List-id: Xen user discussion <xen-users.lists.xen.org>

On Mon, Dec 22, 2014 at 7:06 AM, CHATLINE UCR <ucrchatline@xxxxxxxxx> wrote:
> Is a virtual air gap possible where dom0 is not connected to the
> internet but domU is? For instance if I set dev eth0 down, is there
> a configuration where domU can still connect to the internet? If so,
> what additional steps should I take when setting up xenbridge, or is
> a bridge needed at all? If not, can I pass through the NIC to some
> domU and make a xenbridge between the other domUs, keeping dom0
> offline?

It's possible to passthru a nic to domU
It's also possible to have a bridge with no ip on dom0 side.

> I know it's possible to keep a domU offline, but if dom0 is
> compromised, is an attack on that domU easier?

yep. similar to the way it would be on physical server setup if
someone managed to compromise your centralized SAN, router, and
console (e.g. kvm over ip)

-- 
Fajar

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxx
http://lists.xen.org/xen-users

References:
- [Xen-users] Virtual Air Gap
  - From: CHATLINE UCR

Prev by Date: [Xen-users] Virtual Air Gap
Next by Date: [Xen-users] request patch to fix ocaml on Deb8
Previous by thread: [Xen-users] Virtual Air Gap
Next by thread: [Xen-users] request patch to fix ocaml on Deb8
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.