
Re: crypt question/server hotel



Hi,

On Sat, Apr 17, 2010 at 10:49:20AM +0200, Jozsi Vadkan wrote:
> I want to put my server in a "server hotel".
> 
> But: I don't trust my "server hotel owner".
> 
> What can I do?

I am no expert on this issue but this is my common sense.

Do not use such untrusted servers for the sensitive data.

You can put measures against remote break-in etc.  But whoever has local
physical access can get to your data on the system.

(I do not quite understand what kind of server arrangement ...
virtualized or rack mounted dedicated server... either way, it is the
same thing.)
 
> I can crypt my partition/hdd's that contains the data. Ok.
> But: then my operating system will not be encrypted. Not Ok.

Well, once booted, and if they have some kind of hardware access before
you boot into your system, you are doomed.  Because they can have
backdoor access.

> If I crypt my operating system too, then when a reboot comes,
> I have to type a password to decrypt. But my server will be at 
> a "server hotel" I can't directly use a keyboard [no service cpu]. 

All these methods protect against casual break-in but if the system is run
under some super-server like xen etc., your security measure stops
there.
 
> What can I do [on technical side] to ensure a little more security 
> to my server [e.g: crypt my partition/slice/whatever, that has the 
> operating system, but without the "type password" ""problem""]

If they have a monitoring system pre-installed, ... even this
protection is no good.

> Thank you for any tips/help.

Keep sensitive data where you have full trust. The remote untrusted
servers are good for web gateway only.  But even for that, you should
have some trust to them.

Osamu

