Securing Xen in a Distributed Environment

Xen is one of the newest virtualization platforms available that can securely run multiple virtual guest servers, each running its own operating system, on a single physical system with close to native performance.  It is available on many Linux platforms as an open source application and directly from XenSource Inc. 



With the advent of multi-core processors and Xen, it is possible to virtualize an entire data center and fit 50 or more independent servers into one Xen server. A number of third-party tools, known as management consoles, have been developed to facilitate the common tasks of administering a Xen host, such as configuring, starting, monitoring and stopping Xen guests. Examples include Enomalism, Xen Tools, Google's Ganeti, MLN, HyperVM, FluidVM, ConVirt (formerly XenMan) and Red Hat's Virtual Machine Manager, virt-manager. Unfortunately, all of them fall short in one area or another in a distributed, secure and automated environment.

I will not get into how each of these management programs works, but with few exceptions they require complex installations into Domain-0 (the privileged domain) and incoming connections to it, or they require a local desktop tool. While this is convenient, it is not completely secure and can potentially lead to vulnerabilities. If Domain-0 is ever compromised, all of the guest domains running under it are vulnerable as well. As a baseline for security, the following should be required:

  1. Run the smallest number of necessary services on Domain-0.

  2. Use a firewall to restrict traffic to Domain-0.

  3. Do not allow users to access Domain-0.

  4. Do not allow any incoming connections to Domain-0.
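
Items 2 and 4 can be expressed as a default-deny ruleset plus a check that nothing in it admits a new inbound connection. The following is an added example, not code from the original article; the management server address 192.0.2.10 and port 443 are constructed placeholders.

```shell
#!/bin/sh
# Added example: Domain-0 firewall with no new inbound connections and
# outbound traffic limited to one management server (address is an assumption).

# Emit a ruleset in iptables-restore format.
dom0_ruleset() {
    mgmt_ip=$1 mgmt_port=$2
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -p tcp -d $mgmt_ip --dport $mgmt_port -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}
# FORWARD is left open here: guest traffic passing through Domain-0 is
# assumed to be filtered separately. The server is addressed by IP because
# the OUTPUT policy also drops DNS lookups.

# Audit a ruleset on stdin: succeed only if the INPUT policy is DROP and
# every INPUT ACCEPT rule is limited to loopback or established connections.
audit_inbound() {
    awk '
        /^:INPUT / { policy = $2 }
        /^-A INPUT / && /-j ACCEPT/ {
            if ($0 !~ /-i lo / && $0 !~ /--ctstate ESTABLISHED,RELATED /) bad++
        }
        END { exit !(policy == "DROP" && bad == 0) }
    '
}

# Apply with: dom0_ruleset 192.0.2.10 443 | iptables-restore
```

Running `audit_inbound` against the saved ruleset after every change catches a rule such as an SSH allow that would quietly reopen Domain-0 to incoming connections.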

So how do you manage a Xen server remotely if you cannot directly access Domain-0? The answer is almost too simple: Domain-0 will use outgoing connections to a remote server. This not only allows the server to be more secure, it can potentially reduce the memory and load requirements of the management domain.

Currently, we have working scripts that can provision and manage guest domains as well as send statistics to a remote server. These scripts are at an early stage but are already running in a production environment. Each is released under the GPL in the hope that others will find them useful and provide feedback, so that we can make managing Xen servers easier and more secure.
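
With an outbound-only design, whatever Domain-0 fetches from the remote server becomes its only external input, so it should be validated before anything runs. The following is an added example, not the scripts this article refers to; the job format `<action> <guest>` and the `/etc/xen/<guest>.cfg` layout are assumptions, and the function only returns the `xm` command it would run.

```shell
#!/bin/sh
# Added example: map one job line pulled from the management server to a
# fixed Domain-0 command. Job format and config path are assumptions.

job_to_command() {
    set -f              # no filename expansion while splitting untrusted text
    set -- $1           # split the job line into words
    set +f
    [ $# -eq 2 ] || return 1
    action=$1 guest=$2

    # Guest names: letters, digits, dot, dash, underscore; the first
    # character must be alphanumeric, which also rules out "../" paths.
    case $guest in
        ''|[!A-Za-z0-9]*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac

    # Allow-list of actions; anything else is refused.
    case $action in
        start)    echo "xm create /etc/xen/$guest.cfg" ;;
        shutdown) echo "xm shutdown $guest" ;;
        status)   echo "xm list $guest" ;;
        *)        return 1 ;;
    esac
}

# In use, the job line would arrive over an outbound HTTPS request made by
# Domain-0 itself; a rejected line should be logged and dropped, never retried
# through a shell.
```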
