On Wed, Jan 6, 2010 at 8:51 AM, David Browning <dbtr...@optonline.net> wrote:
> I built an Opensolaris media server and backup machine for my local network.
> At some point I would like to add ampache to my setup. If you are not
> familiar, it is a media server that will stream audio/video to client devices
> over the internet.
> Obviously this requires that this application be exposed to the big bad
> world. So I would like to isolate this program as much as possible. I'm
> hoping to leverage other's experience and knowledge to figure out which would
> be the best way/approach to do this, so I'm not spinning my wheels down the
> wrong path.
You might want to read
http://blogs.sun.com/JeffV/entry/zones_security, which also points to
a Sun BluePrint I co-authored. The blog and BP discuss methods to
harden zones, including preventing an intruder from modifying the OS,
i.e. leaving a Trojan horse behind, and applying resource controls to
minimize DoS attacks.
It's even possible to do both: Zones on VBox, or VBox in a zone:
Principal Field Technologist
Sun Microsystems, Inc.
zones-discuss mailing list