
Securing Xen in a Distributed Environment

Xen is one of the newest virtualization platforms available that can securely run multiple virtual guest servers, each running its own operating system, on a single physical system with close to native performance.  It is available on many Linux platforms as an open source application and directly from XenSource Inc. 



With the advent of multi-core processors and Xen, it is possible to virtualize an entire data center and fit 50 or more independent servers into one Xen server. A number of third-party tools, known as management consoles, have been developed to facilitate the common tasks of administering a Xen host, such as configuring, starting, monitoring and stopping Xen guests. Examples include Enomalism, Xen Tools, Google's Ganeti, MLN, HyperVM, FluidVM, ConVirt (formerly XenMan) and Red Hat's Virtual Machine Manager, virt-manager. Unfortunately, all of them fall short in one area or another in a distributed, secure and automated environment.

I will not get into how each of these management programs works, but with few exceptions they require complex installations into Domain-0, the privileged domain, and require incoming connections to it, or require a local desktop tool. While this is convenient, it is not completely secure and can potentially lead to vulnerabilities. If Domain-0 is ever compromised, all guest domains running on that host are vulnerable as well. As a baseline for security, the following should be required:

  1. Run the smallest number of necessary services on Domain-0.

  2. Use a firewall to restrict traffic to Domain-0.

  3. Do not allow users to access Domain-0.

  4. Do not allow any incoming connections to Domain-0.

So how do you manage a Xen server remotely if you cannot directly access Domain-0? The answer is almost too simple: Domain-0 uses outgoing connections to a remote server. This not only allows the server to be more secure, it can potentially reduce the memory and load requirements of the management domain.
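The firewall side of this can be expressed as a short ruleset. The script below is an added example, not one of the scripts described in this post: it prints an `iptables-restore` ruleset that drops every new inbound connection to Domain-0 and permits new outbound connections only to one management server. The address 192.0.2.10 and the default port 443 are placeholders.

```shell
#!/bin/sh
# Added example, not from the original post. 192.0.2.10 is a documentation
# address standing in for the remote management server.

# Print an iptables-restore ruleset for Domain-0:
#   - INPUT:  loopback and replies to connections Domain-0 opened, nothing else
#   - OUTPUT: loopback, replies, and new TCP connections to MGMT_IP:MGMT_PORT
#   - FORWARD is left at ACCEPT so guest traffic passing through Domain-0 is
#     not changed by this example (assumption; filter it separately).
dom0_ruleset() {
    mgmt_ip=$1
    mgmt_port=${2:-443}
    # Accept only digits and dots for the address and digits for the port, so
    # a malformed argument cannot inject extra rule text.
    case $mgmt_ip in ''|*[!0-9.]*) echo "bad address" >&2; return 1 ;; esac
    case $mgmt_port in *[!0-9]*) echo "bad port" >&2; return 1 ;; esac
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -p tcp -d $mgmt_ip --dport $mgmt_port -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

# Usage on Domain-0 (as root):
#   dom0_ruleset 192.0.2.10 443 | iptables-restore
# DNS, NTP and package mirrors are blocked by this ruleset; add OUTPUT rules
# for them as the site requires.
```

Because the management server is addressed by IP, Domain-0 needs no DNS lookups to reach it, which keeps the outbound allowlist to a single rule.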

Currently, we have working scripts that can provision and manage guest domains as well as send statistics to a remote server. These scripts are at an early stage but are already running in a production environment. Each is released under the GPL in the hope that others will find them useful and provide feedback, so we can make managing Xen servers easier and more secure.
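With a pull model, whatever Domain-0 fetches from the remote server ends up driving a privileged host, so the fetched jobs need strict validation before they touch `xm`. The following is an added example, not one of the released scripts; the `ACTION GUEST` job format and the sample queue are hypothetical.

```shell
#!/bin/sh
# Added example, not one of the scripts released with this post.
# Job lines have the hypothetical form "ACTION GUEST", one per line.
LC_ALL=C; export LC_ALL        # byte-wise ranges in the patterns below

# Print the xm command for one job line, or return 1 if the job is refused.
# Only allowlisted actions are mapped; the fetched text is never executed.
job_to_command() {
    set -f; set -- $1; set +f  # word-split without filename expansion
    [ "$#" -eq 2 ] || return 1
    # Guest name: letters, digits, dot, dash, underscore; it must not look
    # like an option or a dot-file, and cannot contain "/" or ";".
    case $2 in
        -*|.*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    case $1 in
        start)  echo "xm create $2" ;;    # assumes a config named after the guest in /etc/xen
        stop)   echo "xm shutdown $2" ;;
        status) echo "xm list $2" ;;
        *)      return 1 ;;               # anything else, e.g. destroy, is refused
    esac
}

# Walk a constructed sample queue, as it might arrive over an outbound
# HTTPS request made by Domain-0.
run_sample() {
    while IFS= read -r job; do
        if cmd=$(job_to_command "$job"); then
            echo "ACCEPT: $cmd"
        else
            echo "REJECT: $job"
        fi
    done <<'EOF'
start web01
stop db-1
start web01;reboot
destroy web01
start ../../etc/passwd
EOF
}

run_sample
```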