Specifications
Securing Domain0
When deploying Red Hat Virtualization on your corporate infrastructure, you must ensure that
domain0 cannot be compromised. Domain0 is the privileged domain that handles system
management. If domain0 is insecure, all other domains in the system are vulnerable. There are
several ways to implement security you should know about when integrating Red Hat
Virtualization into your systems. Together with other people in your organization,you should
create a 'deployment plan' that contains the operating specifications and services that will run
on Red Hat Virtualization, and what is needed to support these services. Here are some
security issues to consider when putting together a deployment plan:
• Run the lowest number of necessary services. You do not want to include too many jobs and
services in domain0. The less things running on domain0, the higher the level of security.
• Enable SeLINUX to help secure domain0.
• Use a firewall to restrict traffic to domain0. You can setup a firewall with default-reject rules
that will help secure attacks on domain0. It is also important to limit network facing services.
• Do not allow normal users to access domain0. If you do permit normal users domain0 access,
you run the risk of rendering domain0 vulnerable. Remember, domain0 is privileged, and
granting unprivilged accounts may compromise the level of security.
Chapter 13.
25