New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
Indeed. It's no one's business whether I need to hide something. It's simply attempt to utilize one's right to keep one's data confident and inaccessible by 3-rd parties without proper approval.
An example: there's nothing extremely secret/whatever in database backups I keep for my sites. However, I encrypt those with 256 bit one-time symmetric-key prior to storing on backup servers. Just because it's no one's business to peek into.
So, you don't want to hide the personal information from the host? I thought hiding it was the whole point here.
I wish you two would not try and combine an argument about VPS security with Admin access. 2 different things. Admin always has 100% access to EVERYTHING. If you are paranoid about that then by all means use KVM and encrypt away. Just please don't try talk about Admin access and hackers trying to steal your customers personal info or whatever as if it's the same thing.
You paid by CC or Paypal and are usually required to give your name and address and email address. You also have to give a root password when signing up. Could be one you use other places. So the Admin already has WAAAAAAY more info than 99.99999% of hackers will ever get from day 1.....lol.
They are not different things. Your host accessing your VPS (or, someone who hacks into your host and then accesses your VPS) is an important aspect of security, especially if your host is Server Crate.
Well that's why most people here give a fake root password when signing up..
So what are you trying to hide? If I had someone like you going to the lengths you described to try prevent access I would be suspicious you were involved in one of the big taboo's and possible dump you anyways. Every provider reserves the right to do that and it does happen from time to time.
I have way more access then any hacker could ever possibly get and if you cannot trust your admin you cannot trust anyone. Or get your own colo if you are that paranoid. Even that won't hide whatever it is you are up to as they also reserve the right to throw you out or confiscate your hard drives.
>
So what are you saying, you suspend anyone who doesn't want to give you their password? You're the one who seems more than a bit suspicious then. Securing the VPS from some attacks on the host node... but I already said that, so probably you just don't want to read.
Edit: also it's funny how you're a provider yet seem to fail to understand basic security measures. Oh well, all you need is SolusVM and WHMCS these days
What is it you are doing that you don't want people to find out?
Maybe you should read the entire topic first, it's only one page anyway.
No one is worried about people finding out WHAT they are doing. It's about an attacker or other untrusted third party accessing private data. For example, as has already been stated, running a WHMCS installation on a VPS with another provider.
Can you please explain how one gets "attacked" by their admin. I want to learn. Please teach me.
Wow, I already said, what if the host node gets compromised? That's another security risk. Thus reason to not use virtual machine for sensitive things, and almost everything is sensitive. Or at least encrypt the disk so you would have to do a memory dump or something much more complicated than running cat to recover data, and then you would only be able to recover the data if it was currently in use and VM was still powered on.
Or, you know, Server Crate..
No I don't know server crate. Should I? If you want absolute security cut the ethernet cable and just keep the hard drive empty. Boom. You are secure. These security arguments are always so pointless. People argue about unknown threats when in fact security is all about risk management. How much risk are you willing to accept and how much work and complexity are you willing to put up with to get it.
It's not about blocking things just because of mostly imaginary or highly unlikely what if's and always being paranoid.
But again....has nothing to do with administrators of your server. That is like worrying about falling down the stairs and breaking your neck. I'm sure I can find stories about that happening too. Does that mean I am going to recommend nobody walk down stairs or always wear a helmet when they do?
People, any paranoid person will not use any kind of vm to store live data.
IF your key is in memory one way or the other it will be possible to be read. The encryption programs are either open source or can be read as binary code at the very least. The location of the key will be known and then the whole encryption is for nothing.
You can, however, store offline data, backups, for example, you can even mount them pretty safely if you do the decryption at your end and not on the VM. The attacker will be able then to see only some blocks of data being exchanged, they could do that if they listen at your provider, presuming you are not over some other encryption such as some ssh tunnel, wont help them much without the key on your PC.
Oh look, it's one of those "I've got nothing to hide" people! Did not think I will meet one of them around here.
By the name of Cthulhu the Great!
I always knew security-related subjects can grow into arguments over incorrectly set questions. Whereas everything is simple: there can't be absolute security. All we have is percentage: what are chances that given percentage of people will NOT be able to access data they aren't assumed to access, within given timeframe.
The higher the desired percentage, the more difficult is the task. Can data be stored safely on VPS, so that no one could read them within reasonable timeframe? Yes, if they are stored encrypted, separately from key components. Wherever you try to decrypt data on a computer that isn't absolutely isolated from all the world, data can be compromised. End of story.
If I would need to store and access/modify anything really top-secret, I wouldn't use 3-rd parties services.
So, if you don't mind returning to the original subject: does anyone keep the dynamic ratio data on virtualization techniques used for providing hosting services?
oh this is one of those arguments that goes round in a circle.... well I ignored everything after it became an e-penis war but picked out the word 'Ratio' in your topic so thought I would throw in a comment.
The ratios for hosting still on nodes which also explains why OpenVZ is so popular with 2bit hosts.
Xen you reserve some for your dom0 e.g. 2GB on a 32GB node and you can sell the remaining ram to 100% without any worries or issues later down the line.
KVM unlike xen you dont do a hard reservation to ensure your node does not die but it is generally less efficient / more aggressive when it comes to CPU and ram use as each VM is essentially a process on the server so once you even approach 70% unless you have a balanced or ssd based swap things get messy which is why it is usually more expensive.
OpenVZ is great fun when it comes to node density, you can oversell ram by about 8 - 10 times without any concern at all e.g. selling 300GB worth of VPS on a 32GB node, the total lack of resource separation actually almost makes up for the performance hit too that you get with the other 2 but obviously at the cost of security.
Yes, OpenVZ is so flexible you can massively oversell if you want. We NEVER get that pointed out enough around here so thanks so much Xen hosting provider.
You are so damn welcome FYI, I also do OpenVZ
..and I also do KVM. Does that mean my e-penis is bigger than yours?
This remarkable exchange should definitely be added to "News of pure and applied phallometry".
damn I guess so ;(