Encrypt or not traffic between servers on same datacenter

miguelzabala Member
edited April 2022 in Help

Hi guys,
Should I encrypt NFS plain traffic between dedicated servers on the same datacenter (OVH) ?

Comments

  • ralf Member
    edited April 2022

    It depends how much you care if other people can see your traffic.

    On my OVH machines if I do a tcpdump, there's a fair bit of traffic for other machines, so I'd say yes you should.

    Thanked by 3: Erisa, szymonp, adly
  • Nekki Veteran

    @miguelzabala said:
    Hi guys,
    Should I encrypt NFS plain traffic between dedicated servers on the same datacenter (OVH) ?

    What do you have to lose?

    Who is your adversary?

    Has anyone mentioned that you have lovely eyes?

  • jar Patron Provider, Top Host, Veteran

    You should. LEOs will put a box in the datacenter to capture your traffic and they won't even tell you it's happening.

  • YKM Member

    Always encrypt, just not worth the risk or headache that goes with it when something goes wrong.

  • dane_doherty Member
    edited April 2022

    Generally yes, but I don't think you can encrypt NFS in a sane manner.

    Also I wouldn't trust full-disk encryption on servers you're not in physical possession of, because you know... they can just open the cabinet and dump everything live. I treat data that I put on remote machines as semi-public.

    There's an article from 2013 claiming NSA has enough storage to store all worldwide communications for 100 years. After reading it, I became very cautious about putting sensitive stuff online even in encrypted form.

    https://www.npr.org/2013/06/10/190160772/amid-data-controversy-nsa-builds-its-biggest-data-farm

  • let_rocks Member
    edited April 2022

    If you don’t care about possible snooping or data integrity, don’t use encryption. If the servers are in the same rack with a more direct connection or like via a switch in that rack I consider no encryption depending on the kind of data.

    But in general I would recommend encryption.

  • Nekki Veteran

    @let_rocks said:
    If you don’t care about possible snooping or data integrity, don’t use encryption. If the servers are in the same rack with a more direct connection or like via a switch in that rack I would do it depending on the kind of data.

    But in general I would recommend encryption.

    Let rocks what?

  • @Nekki said:

    @let_rocks said:
    If you don’t care about possible snooping or data integrity, don’t use encryption. If the servers are in the same rack with a more direct connection or like via a switch in that rack I would do it depending on the kind of data.

    But in general I would recommend encryption.

    Let rocks what?

    LowEndTalk rocks

  • Nekki Veteran

    @let_rocks said:

    @Nekki said:

    @let_rocks said:
    If you don’t care about possible snooping or data integrity, don’t use encryption. If the servers are in the same rack with a more direct connection or like via a switch in that rack I would do it depending on the kind of data.

    But in general I would recommend encryption.

    Let rocks what?

    LowEndTalk rocks

    Well that's very nice of you. What do you like about LET?

  • @Nekki said:

    @let_rocks said:

    @Nekki said:

    @let_rocks said:
    If you don’t care about possible snooping or data integrity, don’t use encryption. If the servers are in the same rack with a more direct connection or like via a switch in that rack I would do it depending on the kind of data.

    But in general I would recommend encryption.

    Let rocks what?

    LowEndTalk rocks

    Well that's very nice of you. What do you like about LET?

    The drama, provider promotion threads, and general discussion about hosting and stuff.

  • Nekki Veteran

    @let_rocks said:

    @Nekki said:

    @let_rocks said:

    @Nekki said:

    @let_rocks said:
    If you don’t care about possible snooping or data integrity, don’t use encryption. If the servers are in the same rack with a more direct connection or like via a switch in that rack I would do it depending on the kind of data.

    But in general I would recommend encryption.

    Let rocks what?

    LowEndTalk rocks

    Well that's very nice of you. What do you like about LET?

    The drama, provider promotion threads, and general discussion about hosting and stuff.

    I'm glad you listed drama first. That is the correct answer.

    See you around, Roxxy.

    Thanked by 1: Erisa
  • @Nekki said:

    @let_rocks said:

    @Nekki said:

    @let_rocks said:

    @Nekki said:

    @let_rocks said:
    If you don’t care about possible snooping or data integrity, don’t use encryption. If the servers are in the same rack with a more direct connection or like via a switch in that rack I would do it depending on the kind of data.

    But in general I would recommend encryption.

    Let rocks what?

    LowEndTalk rocks

    Well that's very nice of you. What do you like about LET?

    The drama, provider promotion threads, and general discussion about hosting and stuff.

    I'm glad you listed drama first. That is the correct answer.

    See you around, Roxxy.

    Cheers.

  • @miguelzabala said:
    Hi guys,
    Should I encrypt NFS plain traffic between dedicated servers on the same datacenter (OVH) ?

    Generally yes. You can get a private switch for an enclosed network to avoid the performance cost of encryption. Transparently encrypting using some kind of tunnel over a public switch is a must.

  • zed Member

    always tunnel. even if you don't see anyone else's traffic on the wire today, you've no guarantee somebody won't oops a patch cable tomorrow. always assume hostile environment.

  • Erisa Member

    @Nekki said: I'm glad you listed drama first. That is the correct answer.

    What is your second favourite thing about LET, aside from drama?

  • Nekki Veteran

    @Erisa said:

    @Nekki said: I'm glad you listed drama first. That is the correct answer.

    What is your second favourite thing about LET, aside from drama?

    The pictures people send me via PM

    Thanked by 1: Erisa
  • Erisa Member

    @Nekki said:

    @Erisa said:

    @Nekki said: I'm glad you listed drama first. That is the correct answer.

    What is your second favourite thing about LET, aside from drama?

    The pictures people send me via PM

    Sharing is caring

  • WireGuard 100% of everything 100% of the time.

  • Maounique Host Rep, Veteran
    edited April 2022

    If an adversary can set up a box in the DC to sniff traffic it stands to reason there is a big chance they can also read your disks and capture unencrypted traffic inside your machine, therefore it is kinda futile.

  • Always good to be paranoid, even internal traffic within the same DC should go through TLS for example.
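
A check for the "always tunnel" advice in this thread, as an added example that is not part of any post: it reads mount entries in `/proc/mounts` format and reports which NFS mounts reach their server through the tunnel and which still cross the datacenter network in the clear. The tunnel range `10.8.0.0/24`, the function names and the sample mount lines are assumptions made for the illustration.

```python
import ipaddress

# Assumption: the tunnel (e.g. WireGuard) between the servers uses this range.
TUNNEL_NET = ipaddress.ip_network("10.8.0.0/24")

# Constructed sample in /proc/mounts format; all addresses are made up.
SAMPLE_MOUNTS = """\
/dev/sda1 / ext4 rw,relatime 0 0
10.8.0.1:/srv/share /mnt/share nfs4 rw,vers=4.2,proto=tcp,sec=sys,addr=10.8.0.1 0 0
203.0.113.10:/srv/backup /mnt/backup nfs4 rw,vers=4.2,proto=tcp,sec=sys,addr=203.0.113.10 0 0
198.51.100.7:/srv/home /mnt/home nfs4 rw,vers=4.2,proto=tcp,sec=krb5p,addr=198.51.100.7 0 0
"""

def parse_options(option_field):
    """Turn 'rw,sec=sys,addr=10.8.0.1' into {'rw': '', 'sec': 'sys', ...}."""
    options = {}
    for item in option_field.split(","):
        key, _, value = item.partition("=")
        options[key] = value
    return options

def audit_nfs_mounts(mounts_text, tunnel_net=TUNNEL_NET):
    """Return (mountpoint, status) for every NFS mount in mounts_text.
    status is 'tunnel' (server address inside tunnel_net), 'krb5p' (NFS's own
    Kerberos privacy mode) or 'plaintext' (readable by anyone on the path).
    """
    results = []
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[2] not in ("nfs", "nfs4"):
            continue  # not an NFS mount
        options = parse_options(fields[3])
        try:
            in_tunnel = ipaddress.ip_address(options.get("addr", "")) in tunnel_net
        except ValueError:  # addr= missing or not an IP literal
            in_tunnel = False
        if in_tunnel:
            status = "tunnel"
        elif options.get("sec") == "krb5p":
            status = "krb5p"
        else:
            status = "plaintext"
        results.append((fields[1], status))
    return results

if __name__ == "__main__":
    with open("/proc/mounts") as handle:
        for mountpoint, status in audit_nfs_mounts(handle.read()):
            print(f"{status:9} {mountpoint}")
```

Run on a client, any line reported as `plaintext` is a mount whose file contents are visible to whoever can capture traffic between the two servers.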
