On Wed, Jan 6, 2010 at 8:51 AM, David Browning <dbtr...@optonline.net> wrote: > I built an Opensolaris media server and backup machine for my local network. > > At some point I would like to add ampache to my setup. If you are not > familiar, it is a media server that will stream audio/video to client devices > over the internet. > > Obviously this requires that this application be exposed to the big bad > world. So I would like to isolate this program as much as possible. I'm > hoping to leverage other's experience and knowledge to figure out which would > be the best way/approach to do this, so I'm not spinning my wheels down the > wrong path.
David, You might want to read http://blogs.sun.com/JeffV/entry/shrink_wrap_security1 and http://blogs.sun.com/JeffV/entry/zones_security, which also points to a Sun BluePrint I co-authored. The blog and BP discuss methods to harden zones, including preventing an intruder from modifying the OS, i.e. leaving a Trojan horse behind, and applying resource controls to minimize DoS attacks. It's even possible to do both: Zones on VBox, or VBox in a zone: http://blogs.sun.com/JeffV/entry/layered_virtualization . --JeffV Principal Field Technologist Sun Microsystems, Inc. _______________________________________________ zones-discuss mailing list zones-discuss@opensolaris.org
