On Wed, Jan 6, 2010 at 8:51 AM, David Browning <dbtr...@optonline.net> wrote:
> I built an Opensolaris media server and backup machine for my local network.
> At some point I would like to add ampache to my setup. If you are not 
> familiar, it is a media server that will stream audio/video to client devices 
> over the internet.
> Obviously this requires that this application be exposed to the big bad 
> world. So I would like to isolate this program as much as possible. I'm 
> hoping to leverage other's experience and knowledge to figure out which would 
> be the best way/approach to do this, so I'm not spinning my wheels down the 
> wrong path.


You might want to read
http://blogs.sun.com/JeffV/entry/shrink_wrap_security1 and
http://blogs.sun.com/JeffV/entry/zones_security, which also points to
a Sun BluePrint I co-authored. The blog and BP discuss methods to
harden zones, including preventing an intruder from modifying the OS,
i.e. leaving a Trojan horse behind, and applying resource controls to
minimize DoS attacks.

It's even possible to do both: Zones on VBox, or VBox in a zone:
http://blogs.sun.com/JeffV/entry/layered_virtualization .

Principal Field Technologist
Sun Microsystems, Inc.
zones-discuss mailing list

Reply via email to