Follow Techotopia on Twitter

On-line Guides
All Guides
eBook Store
iOS / Android
Linux for Beginners
Office Productivity
Linux Installation
Linux Security
Linux Utilities
Linux Virtualization
Linux Kernel
System/Network Admin
Programming
Scripting Languages
Development Tools
Web Development
GUI Toolkits/Desktop
Databases
Mail Systems
openSolaris
Eclipse Documentation
Techotopia.com
Virtuatopia.com
Answertopia.com

How To Guides
Virtualization
General System Admin
Linux Security
Linux Filesystems
Web Servers
Graphics & Desktop
PC Hardware
Windows
Problem Solutions
Privacy Policy

  




 

 

Xen 3.0 Virtualization User Guide
Prev Home Next

9.1 Xen Security Considerations

When deploying a Xen system, one must be sure to secure the management domain (Domain-0) as much as possible. If the management domain is compromised, all other domains are also vulnerable. The following are a set of best practices for Domain-0:

  1. Run the smallest number of necessary services. The less things that are present in a management partition, the better. Remember, a service running as root in the management domain has full access to all other domains on the system.
  2. Use a firewall to restrict the traffic to the management domain. A firewall with default-reject rules will help prevent attacks on the management domain.
  3. Do not allow users to access Domain-0. The Linux kernel has been known to have local-user root exploits. If you allow normal users to access Domain-0 (even as unprivileged users) you run the risk of a kernel exploit making all of your domains vulnerable.

Xen 3.0 Virtualization User Guide
Prev Home Next

 
 
  Published under the terms of the GNU General Public License Design by Interspire