[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


On 08/30/2018 07:13 AM, Dag Nygren wrote:
On onsdag 29 augusti 2018 kl. 20:19:22 EEST Alvin Starr wrote:

So in this case do the VM's need to be protected from each other or are
they all inside a safe controlled network.
No, the environment is quite controlled.
What need to be achieved is that IF someone steal the image
for one or several of the VM:s they will not be able to
emulate the functionality on any other hardware platform.

The VM:s are together making up a functional
setup where they are all needed. Isolation between them is
not critical.
Your other options would be to use something like LUKS to encrypt the images and get the decription keys from a remote key server. That way if the whole computer is stolen the thieves will not be able to start any VM without the key server.

In either case if the thieves manage to get a root account on any of the servers then they will be able to use normal copy tools to extract as much data as they desire.

A more likely scenario would be that after some time the servers get turned off because of newer and shinier servers have been installed. Now somebody from Accounting sells the servers to someone to recover that last little bit of value and nobody thinks to scrub the data.

I know this happens because I once bought a tape system that had ALL of the backups from an HMO in California.

Is this to secure one VM from another or is it being used for something
like software licensing validation?

One has serious security implications the other is just making it
possible for someone to run a stupid licensing model on a virtual machine.
No licensing :-)


Alvin Starr                   ||   land:  (905)513-7688
Netvel Inc.                   ||   Cell:  (416)806-0133
alvin@xxxxxxxxxx              ||

CentOS-virt mailing list

[Index of Archives]     [CentOS Users]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     []     [Xfree86]     [Linux USB]

  Powered by Linux