Osamu Aoki wrote:
> Hi,
>
> On Sat, Apr 17, 2010 at 10:49:20AM +0200, Jozsi Vadkan wrote:
> > I want to put my server in a "server hotel". But: I don't trust my "server hotel owner". What can I do?
>
> I am no expert on this issue but this is my common sense.
>
> Do not use such untrusted servers for the sensitive data. You can put measures to remote break-in etc. But whoever has local physical access can get to your data on the system. (I do not quite understand what kind of server arrangement ... virtualized or rack mounted dedicated server... either way, it is the same thing.)
>
> > I can crypt my partition/hdd's that contains the data. Ok. But: then my operating system will not be encrypted. Not Ok.
>
> Well, once booted, and if they have some kind of hardware access before you boot into your system, you are doomed. Because they can have backdoor access.
>
> > If I crypt my operating system too, then when a reboot comes, I have to type a password to decrypt. But my server will be at a "server hotel" I can't directly use a keyboard [no service cpu].
>
> All these methods protect against casual break-in but if system is run under some super-server like xen etc., your security measure stops there.
>
> > What can I do [on technical side] to ensure a little more security to my server [e.g: crypt my partition/slice/whatever, that has the operating system, but without the "type password" ""problem""]
>
> If they have monitoring system pre-installed, ... even with this protection is no good.
>
> > Thank you for any tips/help.
>
> Keep sensitive data where you have full trust. The remote untrusted servers are good for web gateway only. But even for that, you should have some trust to them.
>
> Osamu

You may be interested in this:

Unlocking a LUKS encrypted root partition via ssh
http://www.debian-administration.org/articles/579