When one rents a domU, what are some of the security concerns to have? I haven't used Xen at all, but am considering purchasing a domU. I guess the administrator of the Xen server (dom0) can read all information (hard drive) on all domUs, is this correct? What would be some countermeasures? Let's say I don't want them reading the emails in my mail server.

William

_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

Hi William,

William wrote:
> When one rents a domU, what are some of the security concerns to
> have? I haven't used Xen at all, but am considering purchasing a domU.
> I guess the administrator of the Xen server (dom0) can read all
> information (hard drive) on all domUs, is this correct? What would be
> some countermeasures? Let's say I don't want them reading the emails
> in my mail server.

Besides what Mathias already answered (you have to trust your provider or be your own provider) there are several things you can do:

1. Rent a NetBSD domU that runs on a Linux host. That makes it at least more difficult to mount the file system of your domU into dom0.
2. Use NetBSD's cryptographic file system pseudo device to encrypt your file system (at least the parts you want to keep secret).
3. Use TLS for all of your network communication.

All these steps make it more difficult to peep into your data, but not impossible.

Concerning the phrase "trust your provider" you have to consider: Even renting hardware does not give you real security, because the people at the provider can reboot your server at night with a Knoppix CD and configure access for later.

Perhaps you should make a list of what exactly you want to keep private and then we could discuss other means of doing this.

Dirk

Hi William,

there's a quite simple solution - buy your own hardware and, to avoid other people being able to read any data from your machine, keep it offline ;-)

Don't you think your concerns are quite paranoid? Just think how any virtual server / webspace is maintained. How do you think the provider shall help you with your product if he can't access your data? Don't you think Google is able to read this mail?

However - you have to trust your provider - or find solutions that fit your security needs.

cheers,
Mat

-----Original Message-----
Sent: Monday 06.03.06 22:07:36
Subject: [Xen-users] domU security

>When one rents a domU, what are some of the security concerns to
>have? I haven't used Xen at all, but am considering purchasing a domU.
>I guess the administrator of the Xen server (dom0) can read all
>information (hard drive) on all domUs, is this correct? What would be
>some countermeasures? Let's say I don't want them reading the emails
>in my mail server.
>William

Well, you can encrypt traffic to the domU (e.g. use SSL / SSH) that you consider to be sensitive. The dom0 will be able to intercept all network traffic.

You can encrypt what's on disk. The dom0 will be able to read the raw bytes of the disk but not decrypt without your keys.

Crypto keys and data that reside in memory will be readable by the dom0, and there's nothing you can really do about it.

Think of dom0 as "root" for the Xen host, it doesn't have a root account on your system but it's equivalent. This means it implies a little more trust in your provider than renting a dedicated box or colocating your own server, since having a physically separate machine makes it rather harder for the provider to poke around in it. However, even in those cases, they could be intercepting your network / disk traffic quite easily. It's even possible they could be pretending you have a dedicated box, whilst really running you in a virtual machine ;-) (although that'd be easy to check).

Obviously, other domUs shouldn't be able to read your memory / disk, although it's worth assuming that the virtual ethernet may leak information, rather like a real ethernet does.

Cheers,
Mark

--
Dave: Just a question. What use is a unicycle with no seat? And no pedals!
Mark: To answer a question with a question: What use is a skateboard?
Dave: Skateboards have wheels.
Mark: My wheel has a wheel!
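
Mark's remark that a virtual machine passed off as a dedicated box would be easy to check, sketched as an added example that is not part of the original thread. It assumes a Linux guest; the function names and the `XEN_ROOT` variable are hypothetical, and the three files it reads are the standard Linux interfaces for Xen and CPU flags.

```shell
#!/bin/sh
# Added example (not from the thread): list the Xen indicators visible to a Linux guest.
# XEN_ROOT is a hypothetical variable for pointing the check at a constructed tree;
# when it is unset, the live /sys and /proc are read.

xen_indicators() {
    root="${1:-}"
    found=""
    # sysfs reports the hypervisor type as "xen" in Xen guests and in dom0
    if [ -r "$root/sys/hypervisor/type" ] &&
       grep -qi '^xen$' "$root/sys/hypervisor/type"; then
        found="$found sysfs"
    fi
    # xenfs exposes this file; it contains "control_d" only in dom0
    if [ -r "$root/proc/xen/capabilities" ]; then
        if grep -q 'control_d' "$root/proc/xen/capabilities"; then
            found="$found dom0"
        else
            found="$found xenfs"
        fi
    fi
    # the CPUID hypervisor bit appears as the "hypervisor" CPU flag
    if [ -r "$root/proc/cpuinfo" ] &&
       grep -Eq '^flags[[:space:]]*:.* hypervisor( |$)' "$root/proc/cpuinfo"; then
        found="$found cpuflag"
    fi
    echo "${found# }"
}

# Turn the indicator list into one verdict, strongest evidence first.
classify() {
    case " $(xen_indicators "${1:-}") " in
        *" dom0 "*)               echo "xen-dom0" ;;
        *" sysfs "*|*" xenfs "*)  echo "xen-domU" ;;
        *" cpuflag "*)            echo "virtualized-unknown" ;;
        *)                        echo "no-indicator" ;;
    esac
}

classify "${XEN_ROOT:-}"
```

A result of `no-indicator` only means these three interfaces showed nothing; it does not establish that the machine is physical.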