Follow Techotopia on Twitter

On-line Guides
All Guides
eBook Store
iOS / Android
Linux for Beginners
Office Productivity
Linux Installation
Linux Security
Linux Utilities
Linux Virtualization
Linux Kernel
System/Network Admin
Programming
Scripting Languages
Development Tools
Web Development
GUI Toolkits/Desktop
Databases
Mail Systems
openSolaris
Eclipse Documentation
Techotopia.com
Virtuatopia.com
Answertopia.com

How To Guides
Virtualization
General System Admin
Linux Security
Linux Filesystems
Web Servers
Graphics & Desktop
PC Hardware
Windows
Problem Solutions
Privacy Policy

  




 

 

NOTE: CentOS Enterprise Linux 5 is built from the Red Hat Enterprise Linux source code. Other than logo and name changes CentOS Enterprise Linux 5 is compatible with the equivalent Red Hat version. This document applies equally to both Red Hat and CentOS Enterprise Linux 5.

Chapter 13. Securing Domain0

When deploying Red Hat Virtualization on your corporate infrastructure, you must ensure that domain0 cannot be compromised. Domain0 is the privileged domain that handles system management. If domain0 is insecure, all other domains in the system are vulnerable. There are several ways to implement security you should know about when integrating Red Hat Virtualization into your systems. Together with other people in your organization,you should create a'deployment plan' that contains the operating specifications and services that will run on Red Hat Virtualization, and what is needed to support these services. Here are some security issues to consider when putting together a deployment plan:

  • Run the lowest number of necessary services. You do not want to include too many jobs and services in domain0. The less things running on domain0, the higher the level of security.

  • Enable SeLINUX to help secure domain0.

  • Use a firewall to restrict traffic to domain0. You can setup a firewall with default-reject rules that will help secure attacks on domain0. It is also important to limit network facing services.

  • Do not allow normal users to access domain0. If you do permit normal users domain0 access, you run the risk of rendering domain0 vulnerable. Remember, domain0 is privileged, and granting unprivilged accounts may compromise the level of security.


 
 
  Published under the terms of the GNU General Public License Design by Interspire