[Users] OpenVZ Security / Trusted and Untrusted networks

Axton axton.grams at gmail.com
Thu Mar 7 12:05:19 EST 2013


I wanted to solicit general feedback on this platform's security with
relation to using a HN that serves VPSs for both trusted and untrusted
networks.  I'm curious if there have been any CVEs or other errata,
historically, that would have implications in this scenario.

I would like to use a cluster of HNs to host CTs that are on both trusted
and untrusted network (i.e., publicly exposed in one form or another).  I
have no issues setting up the HN with access to the networks with bridge
interfaces and only setting up layer 3 access on internal management
networks, mitigating the exposure at that layer.  Then creating CTs with
mutually exclusive access to either trusted networks or an untrusted
network.

Are there implications of using venet versus veth interfaces in this
arrangement?  If venet, is it possible to create interfaces in the CT for
different networks?  I.e., venet1 for ZoT1 and venet2 for ZoT2?

I am also concerned about the containment of the containers.  Have there
been scenarios where people have been able to break out of the CT and gain
access to or otherwise manipulate the HN?

I understand that with virtualization comes risk in this space, but I am
attempting to assess the level of risk.

Thanks,
Axton Grams
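The "mutually exclusive access" property described in the post (each CT attached to either the trusted bridges or the untrusted bridge, never both) is easy to state and easy to drift from as CTs are added. The audit below is an added example, not code from the post or from the OpenVZ project: it parses the per-container config files in the shell-style `KEY="value"` layout that vzctl writes (the `NETIF` entry with `;`-separated veth definitions and `bridge=` fields, and the space-separated `IP_ADDRESS` list for venet) and flags any CT whose interfaces span more than one zone. The bridge names, address prefixes and sample configs are constructed for the example; a real run would read `/etc/vz/conf/*.conf` instead of the embedded dictionary.

```python
"""Audit OpenVZ CT configs so no container straddles the trusted and untrusted zones."""
import shlex

# Zone map: which host bridges (veth) and which venet address prefixes belong to which zone.
# These names and ranges are hypothetical; replace them with the HN's real bridges and subnets.
BRIDGE_ZONE = {"vmbr_trusted": "trusted", "vmbr_public": "untrusted"}
PREFIX_ZONE = {"10.10.": "trusted", "203.0.113.": "untrusted"}

# Constructed sample configs keyed by CTID, in the format vzctl uses (assumed, see lead-in).
SAMPLE_CONFIGS = {
    "101": 'NETIF="ifname=eth0,mac=00:18:51:AA:00:01,host_ifname=veth101.0,'
           'host_mac=00:18:51:AA:00:02,bridge=vmbr_trusted"\n',
    "102": 'NETIF="ifname=eth0,mac=00:18:51:AA:00:03,host_ifname=veth102.0,'
           'host_mac=00:18:51:AA:00:04,bridge=vmbr_public"\n',
    # Two veth devices on different bridges: violates the one-zone-per-CT policy.
    "103": 'NETIF="ifname=eth0,bridge=vmbr_trusted;ifname=eth1,bridge=vmbr_public"\n',
    # venet with one address in each zone: also a violation.
    "104": 'IP_ADDRESS="10.10.0.4 203.0.113.4"\n',
}


def parse_conf(text):
    """Return KEY -> value for the KEY="value" lines of a CT config (comments skipped)."""
    values = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, raw = line.partition("=")
        values[key.strip()] = "".join(shlex.split(raw))  # drops the surrounding quotes
    return values


def netif_bridges(netif):
    """Extract the bridge= field of each veth entry (';' separates entries, ',' separates fields)."""
    bridges = []
    for entry in filter(None, netif.split(";")):
        fields = dict(f.split("=", 1) for f in entry.split(",") if "=" in f)
        if "bridge" in fields:
            bridges.append(fields["bridge"])
    return bridges


def zones_for(conf_text):
    """Set of zones a CT touches through its veth bridges and venet addresses."""
    values = parse_conf(conf_text)
    zones = set()
    for bridge in netif_bridges(values.get("NETIF", "")):
        zones.add(BRIDGE_ZONE.get(bridge, "unknown:" + bridge))
    for ip in values.get("IP_ADDRESS", "").split():
        zone = next((z for prefix, z in PREFIX_ZONE.items() if ip.startswith(prefix)), None)
        zones.add(zone or "unknown:" + ip)
    return zones


def audit(configs):
    """Return {ctid: sorted zones} for every CT that spans more than one zone or an unmapped one."""
    findings = {}
    for ctid, text in sorted(configs.items()):
        zones = zones_for(text)
        if len(zones) > 1 or any(z.startswith("unknown:") for z in zones):
            findings[ctid] = sorted(zones)
    return findings


if __name__ == "__main__":
    for ctid, zones in audit(SAMPLE_CONFIGS).items():
        print(f"CT {ctid} spans zones {zones}: violates one-zone-per-CT policy")
```

Unmapped bridges and addresses are reported rather than ignored, since a CT on a bridge nobody classified is exactly the case that erodes the separation over time; pairing this with a check that the HN itself holds no layer 3 address on the untrusted bridge covers the other half of the design the post describes.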