Most secure VPS virtualisation type?

syamansyaman Member
edited July 2012 in General

Greetings all

Yes I know there is no truly 100% secure anything :p
but based on VPS virtualisation technology alone, which one is the most secure against unscrupulous providers?

For instance, with OpenVZ am I right to say that an unscrupulous provider can easily browse whatever's in your VPS if they want to?

Is this also the case for Xen and KVM?

Comments

  • I'm guessing they can always descend into, or view, any files they want. But isn't there a process you can disable from OVZ that disallows the host from descending into your VM container? @mrladoodle may know.

  • You can always make a script to watch out for the vz process spawning in your container, I think Webmin actually does this.

    But they can just cd /vz/private/

  • jarjar Patron Provider, Top Host, Veteran
    edited July 2012

    I'm inclined to think that they're all fairly equal as far as the provider's ability to view your files. At some level you have to trust someone in this business (this being anything related to storing data on someone else's property), just choose wisely and don't store important data with a provider you're not yet sure about.

  • yomeroyomero Member

    KVM/Xen with encrypted drives.
    With Xen it is more complicated because the providers just give you one drive.

  • joepie91joepie91 Member, Patron Provider

    Given sufficient effort from an attacker that has access to the host node, no virtualization technology will protect your files.

    Thanked by 1: gsrdgrdghd
  • TazTaz Member
    edited July 2012

    I hear morphology!

  • yomeroyomero Member

    @joepie91 said: no virtualization technology will protect your files.

    Are you sure you can decrypt my partitions? well...

  • @yomero said: Are you sure you can decrypt my partitions? well...

    is your vm booted -> yes

  • qjqqjq Member

    @yomero
    they will probably take a few years, but sooner or later the stuff can still get decrypted

  • yomeroyomero Member

    @qjq said: they will probably take a few years, but sooner or later the stuff can still get decrypted

    As in EVERY system. That isn't a concern about virtualization.

    @justinb said: is your vm booted -> yes

    How? Maybe you will inject some code into the qemu process or something?
    Or you will dump my memory to search for the key, maybe.
    Agreed, but too complex.

  • lbftlbft Member
    edited July 2012

    @yomero said: Are you sure you can decrypt my partitions?

    If the VPS can decrypt them itself if rebooted, sure.

    If you need to enter a password to mount, sure, but it's harder. They can dump your memory at any time necessary, or get your SSH private key (edit: I meant host key) from your unencrypted partition and MITM your SSH session where you mount the encrypted partition, or eavesdrop on any out-of-band access you might use to enter a passphrase (KVM VNC, Xen serial console/hvc0), or (depending on virtualisation type) control your boot options or the selection of the kernel itself, or I'm sure there are a multitude of other ways I can't even think of.

  • yomeroyomero Member

    @lbft said: If you need to enter a password to mount,

    Of course.

    @lbft said: They can dump your memory at any time necessary

    Yes, and search. You have a point here. Too complex (again).

    @lbft said: or get your SSH private key from your unencrypted partition

    Why would I choose to save SSH keys somewhere? nah

    @lbft said: or eavesdrop on any out-of-band access you might use to enter a passphrase (KVM VNC, Xen serial console/hvc0),

    Yes, and you get a normal login prompt. You can't do anything there.

    @lbft said: control your boot options

    It is encrypted, you can't do anything using another kernel.

  • jarjar Patron Provider, Top Host, Veteran

    I think the lesson here is that one needs to go through significant effort to hide the data on their system from the system itself.

    Thanked by 2: yomero, TheHackBox
  • joepie91joepie91 Member, Patron Provider

    @yomero said: Are you sure you can decrypt my partitions? well...

    Tell me how you expect a system to boot automatically if the decryption keys are not present on that same system or some kind of system that it can access. Which would be a typical usecase for a VPS. Encrypted partitions only work if the owner has to enter a password on boot/mount. Considering no specific usecase (such as 'remote work') was mentioned, I am assuming the typical VPS usecase - providing some kind of public service. A public service has to be available, and as such has to survive a reboot and boot itself automatically. In which case you cannot encrypt your data in a manner that cannot be unencrypted by the host.
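
    A way to check the point made here against your own VPS, as an added example that is not part of the thread: this Python script parses a (constructed, placeholder) /etc/crypttab and reports, per encrypted volume, whether the key lives on the system itself (so the machine can reboot unattended, and the host can read the key alongside the data), is random per boot, or must be typed by a person at each boot/mount.

```python
"""Classify /etc/crypttab entries by who can unlock them.

Constructed sample input (not from the thread); the UUID is a
placeholder. A key field of 'none' or '-' means a passphrase is
prompted for at boot, so no key is stored on the machine.
"""

SAMPLE_CRYPTTAB = """\
# <target name>  <source device>            <key file>      <options>
cryptroot        UUID=placeholder-root-uuid  none            luks,discard
cryptdata        /dev/vdb1                   /root/data.key  luks
cryptswap        /dev/vdb2                   /dev/urandom    swap,cipher=aes-xts-plain64
"""


def parse_crypttab(text):
    """Return a list of dicts (name, device, keyfile, options) from crypttab text."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        keyfile = fields[2] if len(fields) > 2 else "none"  # missing key field = prompt
        options = set(fields[3].split(",")) if len(fields) > 3 else set()
        entries.append({"name": fields[0], "device": fields[1],
                        "keyfile": keyfile, "options": options})
    return entries


def classify(entry):
    """passphrase: a human must type it (no unattended reboot);
    ephemeral: fresh random key each boot (swap/tmp style);
    keyfile: key stored on this system, readable by whoever controls the host."""
    key = entry["keyfile"]
    if key in ("none", "-"):
        return "passphrase"
    if key == "/dev/urandom" or "swap" in entry["options"] or "tmp" in entry["options"]:
        return "ephemeral"
    return "keyfile"


def audit(text):
    """Map each crypttab target name to its classification."""
    return {e["name"]: classify(e) for e in parse_crypttab(text)}


if __name__ == "__main__":
    for name, verdict in audit(SAMPLE_CRYPTTAB).items():
        print(f"{name}: {verdict}")
```

Run it against the real file with `audit(open("/etc/crypttab").read())`; any volume reported as "keyfile" is one the host can decrypt without you.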

  • PADPAD Member

    With OVZ it is a matter of one command, and the host node has full root access to the container.

  • IntcsIntcs Member
    edited July 2012

    @yomero said: How? Maybe you will inject some code into the qemu process or something?

    Or you will dump my memory to search for the key, maybe.
    Agreed, but too complex.

    I think that since your VPS is decrypting the partition to view and run files, the hacker would only have to get control of your VPS without knowing the encryption key, and then he could transfer all your data outside, since it's probably decrypted by your system during VPS startup so it can be accessed, isn't it? So that makes your partition "open" while the system/programs run :O

  • syamansyaman Member

    @PAD Does that mean it is not as effortless to snoop on KVM and Xen VPSes?

  • AmfyAmfy Member

    The Xen drive can also be mounted by the provider, but it's not as simple as in OpenVZ. I think KVM should be the most secure way since it is like a dedicated server: you can encrypt your drives and encrypt them on boot over SSH. But it's difficult to set that up. I usually need about 2 hours for that...

    But as long as you don't host critical files on the VPS that shouldn't be necessary... and even if you encrypt the hard disk the provider could read the passphrase out of the RAM or sniff your traffic...

    The most secure way is to rent a dedicated server with one of these new Ivy Bridge CPUs, because there you're able to put the passphrase in the L2/L3 cache, so it should be impossible to get the key... :)
    But beware, for example in France that would be against the law...

  • yomeroyomero Member

    @joepie91 said: Which would be a typical usecase for a VPS.

    Exactly. That is your personal preference.

    @joepie91 said: Encrypted partitions only work if the owner has to enter a password on boot/mount.

    Yes, I mount manually. VNC/SSH (Ok, VNC and MITM is another issue).

    @Intcs said: I think that since your VPS is decrypting the partition to view and run files

    Indeed. But ok, now my disk is mounted, how you will "hack" my system? =) That is another story, and as I said, I mount manually.

    In conclusion, and as a cliché, there is no 100% secure system, but I think you are looking for vulnerabilities completely independent of the main idea.

  • There isn't a "Virtualisation" that will protect you from nasty hosts, it's just how it is, they own the node you're on. So they have FULL access to it, even if it's encrypted; if they wanted to get in, there's always a way.

    As others have suggested, you have to have some trust in the company you're going to store any sensitive information with, and if you're still not satisfied, get yourself a small dedi like the KimSufi -- even though OVH can most likely access them too, being how automated it all is, custom kernels etc.

  • AmfyAmfy Member

    @eastonch said: Even though OVH can most likely access them too, being how automated it all is, custom kernels etc.

    Nah, use for example the standard Debian kernel and remove their SSH key from .ssh/authorized_keys2 and you should be more secure. And also: if you have a dedicated machine you have much more freedom to protect your stuff.

  • gsrdgrdghdgsrdgrdghd Member
    edited July 2012

    @Amfy said: because there you're able to put the passphrase in the L2/L3 Cache so it should be impossible to get the key... :)

    Nope. Putting the key into the L2 cache is done to prevent cold-boot attacks.

    There is no way to securely store data on a remote machine (as long as the data also needs to get decrypted remotely).

  • AmfyAmfy Member

    @gsrdgrdghd said: Putting the key into the L2 cache is done to prevent cold-boot attacks.

    Yes, right. And it also helps if the police try to get the key when they freeze the RAM sticks and try to read it out of them.

    @gsrdgrdghd said: There is no way to securely store data on a remote machine (as long as the data also needs to get decrypted remotely).

    It always depends against whom you want to be secure. Show me one law enforcement agency that is able to get the key out of an L2 cache...

    Thanked by 1: yomero
  • @Amfy said: And it also helps if the police try to get the key when they freeze the RAM sticks and try to read it out of them.

    That's exactly what cold-boot attacks are.

    @Amfy said: It always depends against whom you want to be secure. Show me one law enforcement agency that is able to get the key out of an L2 cache...

    That doesn't change that it's theoretically impossible to achieve security. Also, this discussion is about virtualization technologies and providers, not about dedicated servers and law enforcement agencies. But for the record, I don't think any normal police force would attempt a cold-boot attack or the like, and if you have data on your servers that the NSA wants you're fucked anyway.

  • vdnetvdnet Member

    I think the main question isn't about the technology here.

    If you don't trust your host, then why are you buying services from them to host sensitive files? If you have data that sensitive that you don't want people seeing, then you shouldn't be choosing a host that is charging $3/m and has been around for 4 months.

    You should trust your host to put you on a secure node and to give you privacy.

    Thanked by 1: yomero
  • CoreyCorey Member

    I agree with @vdnet, and if your information is that sensitive, why bother with the administrative time to encrypt everything and try to make it unreachable when you can just have the provider sign an NDA?
