Re: Dedicated server vs. VPS

To: Timh B <timh@shiwebs.net>
Cc: Stayvoid <stayvoid@gmail.com>, debian-security@lists.debian.org
Subject: Re: Dedicated server vs. VPS
From: "Bedwell, Jordon" <jordon@envygeeks.com>
Date: Mon, 5 Mar 2012 03:30:59 -0600
Message-id: <CAN5oe=3EpspSk27x4oVqbLLLShUJ+C0EJfp34eY6Yz2Q46WaTg@mail.gmail.com>
In-reply-to: <52b255c8764375abcd897d1a6f58cf8e.squirrel@webmail.shiwebs.net>
References: <CAK5fS_E3BvagOa40hDW25ux_Bd66O7x1+SM+FhEh=NyyzBgd4Q@mail.gmail.com> <52b255c8764375abcd897d1a6f58cf8e.squirrel@webmail.shiwebs.net>

On Mon, Mar 5, 2012 at 2:59 AM, Timh B <timh@shiwebs.net> wrote:
> Hi,
>
> This should probably be discussed off-list, anyway - the one that has the
> most dedicated resources and has the best security policy. Generally when
> it comes to keeping the kernel/system tools updated it's all about your
> own OS since it's usually "independent" from the hostnode. Except kernel
> in the openvz-case where the provider is responsible of keeping the kernel
> up to date. There will always be undiscovered holes in the kernel and/or
> toolchain but a hoster that does not put their hardware nodes on the
> internet is one step closer to good security.

OpenVZ has nothing to do with it, all of them have that ability so
specifically mentioning OpenVZ when Xen is like that and so is VMWare
(to an extent I guess) is absolutely pointless.  It's up to the
provider to decide what type of VM you have, and the fact is that most
of them chose not to give you access to the kernel because most of
them know how many unknown exploits there are, and keeping the Kernel
out of the VM space prevents kernel exploits (to a certain extent) but
good providers give you the ability to select your kernel or kick it
into a mode that allows you to use your own kernel.

> There is no way you can "restrict" a hosters access to your VPS, that's
> basically true for DS as well if you have the root-password in some sort
> of control-panel or if the support has it for some reason.

This is not true in any case, including a dedicated server.  It takes
but a minute and your drive to get access to your server, root
password or not, adjusted grub bootloader or not.  Saved in a control
panel or not.  This is a quite talked about subject when it comes to
Linux, but it's not really a security problem for the most part unless
you plan to get a laptop stolen or something, but there are clear ways
to fix that problem.  Unless that entire drive is encrypted and
requires the password to even boot they can get into it anytime they
want.  Dedicated servers are no more secure then VM's when it comes to
this.  It does however make them harder to manage and recover in user
error since they don't attach a TTY.

Reply to:

Follow-Ups:
- Re: Dedicated server vs. VPS
  - From: Carlos Alberto Lopez Perez <clopez@igalia.com>

References:
- Dedicated server vs. VPS
  - From: Stayvoid <stayvoid@gmail.com>
- Re: Dedicated server vs. VPS
  - From: "Timh B" <timh@shiwebs.net>

Prev by Date: Re: Dedicated server vs. VPS
Next by Date: Re: Dedicated server vs. VPS
Previous by thread: Re: Dedicated server vs. VPS
Next by thread: Re: Dedicated server vs. VPS
Index(es):
- Date
- Thread