On Tue, Apr 3, 2012 at 5:07 PM, Nicholas MIller <nick.kyky@xxxxxxxxx> wrote:

> On Apr 3, 2012 3:59 PM, "Kaiting Chen" <kaitocracy@xxxxxxxxx> wrote:
> >
> > On Tue, Apr 3, 2012 at 4:56 PM, Nicholas MIller <nick.kyky@xxxxxxxxx> wrote:
> >
> > > hello
> > >
> > > I currently host my personal webpage from a virtual machine at my house. I
> > > am looking to add a mailserver as well as an irc server. however I don't
> > > know if I should be using a separate vmachine for each service. I am more
> > > concerned about security than resource use. however the publicly reachable
> > > IP I have is through an external vpn provider (I believe it is strong
> > > vpn). any ideas or suggestions would be appreciated.
> > >
> >
> > There's really no reason you need another VM for each of those services.
> > Make sure you have proper privilege separation and you should be fine.
> > --Kaiting.
> >
> > --
> > Kiwis and Limes: http://kaitocracy.blogspot.com/
>
> please correct me if I'm wrong but running each service as its own user
> without access to anything it doesn't need is what you mean? and this
> might be a stupid ? but do you agree with your statement still if I need to
> use nfs reachable outside my home network
>

Yeah run each service as an unprivileged user and you should be fine. If security is very critical then run something like SELinux or a similar RBAC system. If you're doing NFS over the internet the best method is to use Kerberos + GSSAPI for authentication and IPsec to secure the channel.

--Kaiting.

--
Kiwis and Limes: http://kaitocracy.blogspot.com/
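
One way to check the "each service as its own unprivileged user" advice on a host, as an added example that is not part of the original thread: it parses process-table text and flags services that run as root or share an account. The sample `ps` output and the process-to-service mapping are constructed for illustration.

```python
"""Added example: audit privilege separation across co-hosted services."""
from collections import defaultdict

# Constructed sample of `ps -eo user:20,pid,comm` output (not from the thread).
SAMPLE_PS = """\
USER                   PID COMMAND
root                     1 init
root                   612 sshd
www-data               801 nginx
www-data               802 nginx
postfix                915 qmgr
root                   990 ircd
www-data              1022 dovecot
"""

# Hypothetical mapping from process name to the service it belongs to.
SERVICES = {"nginx": "web", "qmgr": "mail", "dovecot": "mail", "ircd": "irc"}


def audit(ps_output, services=SERVICES):
    """Return a sorted list of findings about service accounts."""
    users_by_service = defaultdict(set)
    for line in ps_output.splitlines()[1:]:      # skip the header row
        fields = line.split(None, 2)
        if len(fields) != 3:
            continue                              # ignore malformed rows
        user, _pid, comm = fields
        service = services.get(comm.strip())
        if service:
            users_by_service[service].add(user)

    findings = []
    services_by_user = defaultdict(set)
    for service, users in users_by_service.items():
        for user in users:
            if user == "root":
                findings.append(f"{service}: runs as root")
            else:
                services_by_user[user].add(service)
    # An account used by more than one service defeats the separation.
    for user, svcs in services_by_user.items():
        if len(svcs) > 1:
            findings.append(f"{user}: shared by {', '.join(sorted(svcs))}")
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit(SAMPLE_PS):
        print(finding)
```

Daemons that start as root to bind a low port and then drop privileges will still show a root-owned master process, so review those findings individually.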