New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Need full disk encryption or manual image installs
anonuser1211
Member
in Requests
Looking for a provider that is:
- Trustworthy and reliable
- Has history of being able to be trusted with sensitive data
- Able to provide full disk encryption / or allow custom image installs where I can configure encrypted disks during installation
- Good laws where server is housed to protect server data
Comments
As far as I know, unless you have full exclusive 24/7 physical access to the hardware, it does not matter if you have a full disk encryption or not.
Providers will still (with enough determination) silently be able to access your data.
With that being said, I'm going to tag @Francisco as I think they meet some of your requirements.
Are you looking for a dedi or vps? We could certainly allow you to manually go through the install process & setup full disk encryption.
Feel free to reach out if you have any questions.
We have been in the industry for over 20 years, a legally registered company in India, offering VPS in USA, Netherlands and France.
We do allow custom image installations. Feel free to visit our VPS deals page to select any VPS to meet your requirements
hmmm, in like LXC/OpenVZ okay, but KVM, AFAIK as long as you install the VM with encryption (e.g encrypted LVM) you should be fine, but of course, the host will still have access to the raw disk file, so they can try to crack it offline.
The only way to have 'secure' FDE in a cloud environment is by renting a bare metal dedicated server. With any sort of virtualized environment, it's possible for the guest memory to be dumped from the host and for keys / data to be extracted.
We provide IPMI access with dedicated servers and allow clients to install their own operating system. We also allow ISO upload / custom installs on our virtual servers.
I can offer you the below on AMD Ryzen 7950X, with DDR5 RAM, NVMe, 10Gbit port, and 5x FREE backups in your choice of location: USA, UK, and Singapore.
Bigger and smaller plans are available as well, with custom ISO installs available where you can setup your own full disk encryption.
1x AMD Ryzen 9 7950X (4.5 GHz++)
2GB DDR5 RAM
50GB NVMe (PCIe 4.0)
3000GB Bandwidth (2000GB in Singapore)
10Gbit Port
1x IPv4 Address
/64 IPv6
DDOS Watch™
5x FREE Backup Slots
Automated rDNS
VirtFusion Control Panel
$4.99/month
Available in 3 locations: Spokane, WA (USA) - Coventry, UK - Singapore
Looking Glass, IPs & Test Files
Coventry, UK 🇬🇧
Looking Glass: https://cov-lg.layer.ae
IPv4: 207.2.121.3
IPv6: 2a05:dfc1:7f00:1::a
Spokane, WA 🇺🇸
Looking Glass: https://spk-lg.layer.ae
IPv4: 199.119.138.3
IPv6: 2602:fafd:f50:1::a
Singapore, Singapore 🇸🇬
Looking Glass: https://sgp-lg.layer.ae
IPv4: 207.2.122.3
IPv6: 2602:fafd:f52:1::a
Woah that’s interesting, would a deal be possible on any of the dedicated machines up for grabs
What kind of specs & location are you looking for, we have some available in NY, but I am not sure if they would be in your budget: http://smcdedicated.com
Hello @anonuser1211
You can check our dedicated server options, available in multiple locations, with configurations that suit various performance needs.
Choose from 16 GB to 1 TB ECC or DDR4 RAM, 4 to 96 core, SSD NVMe & SATA storage, Intel and AMD Ryzen processors, unmetered bandwidth, IP address, and built-in DDoS protection.
You won't face any issues if your activities comply with legal and ethical guidelines. Feel free to DM me for any queries.
Wouldn't they be able to dump the ram while the server is up silently (without any indication to the user)? Grab the decryption key from there?
I just read @DataWagon 's comment and yeah that's what I thought could happen.
I would also like to tag @MannDude & IncogNet. Highly highly recommended.
Yeah, didn't think about that one but true.
They REALLY need to want your data for them to go that deep though.
Send us a PM with what you're looking for, I'll see what we can do.
Or someone else really wants access to your data, and can coerce the provider to comply silently.
Bear in mind you have to trust the provider to some degree even when running bare-metal. Depending on how much they want to read your data, they can even perform coldboot attack on bare-metal server and dump RAM contents.
From there on, it's trivial to extract AES key (with aeskeyfind or findaes) used by LUKS or other FDE solutions and just decrypt the disk. There will be downtime when running bare-metal but that can be covered by unplanned maintenance work.
Such scenarios are highly unrealistic but still, it's possible. If you're using a virtualized VPS it's even easier - basically just a RAM snapshot, extracting the key and disk decryption.
Whether any provider actually does such things is a whole another topic. It's certainly within the reach of LE but I'm assuming you're not trying to do anything illegal.
A while ago there was a similar discussion about RAM encryption on VPS (which can mitigate the memory key extraction to some degree).
vpsbg.eu apparently enables AMD SEV (memory encryption for VMs) if you ask them. The price is high though and I'm not sure about their reliability.
Possibly Bahnhof (they used to host Wikileaks).
You won't find many on this forum who can offer genuine confidential computing and you're looking in the wrong place - you would struggle to find a PCI compliant provider here. It's also not really under the scope of 'low end'.
As pointed out above most implementations are susceptible to the keys being extracted from RAM.
Some AMD processors (EPYC/Ryzen) support Secure Memory Encryption (SME) which uses a single key to encrypt system memory. You'd need a dedicated server to utilise this though and there are still other attack vectors.
Hi, you can check our History and you can see we're in the market since many years. With Own Datacenter, Network and Hadware.
Until now, we are safe in some locations. We protect your data from 3rd parties. We don't give your information easily without a valid court order or MLAT.
You can do that in our dedicated server, specially Custom ISO:
https://alexhost.com/dedicated-servers/
VPS we support Disk Encryption and Dedicated Servers also.
We have good laws in our country, where the datacenter is.
But what you mean with protect your server data? No one will protect your server data if you receive a visit from Authorities. Do you will risk your business for few bucks? It depends of the content. We protect freedom of speech, as much as we can.
If you believe someone will host something for few bucks and have their servers seized, not the best approach.
Always check AUP and TOS of the server. Look at your competitors or websites and see where they are hosted.
Best Regards,
Alexhost
Consider AWS or Oracle's confidential computing offerings. They are sanely priced unlike GCP and Azure
Thanks for writing. Was looking at your dedicated server offers, you mentioned custom iso’s, but wont I need to pay extra for IPKVM to do that? So I can manually install the os and enable encryption?
If VNC is offered with all plans even dedicated , would I need to pay extra for IPKVM?
10€ for IPKVM
That's also a good option. I believe the cheapest Oracle VPS with fully encrypted drive and confidential computing running their distro will cost you around 20 usd / month.
The cheapest OCI CVM (VM.Standard.E4.Flex, 1G RAM/1 vCPU EPYC Milan/10GB SSD) with preemptive pricing is ~$10/month. OTOH, GCP actually have much better spot pricing for a much more powerful 8GB RAM/2 vCPU instance https://gcloud-compute.com/n2d-standard-2.html for less than $8/month with options from both AMD SEV-SNP and Intel TDX.
OTOH, none of the major providers have fully user reproducible TCB worth attestation, as their platform firmware is not open source (or at least source available with reproducible build). How much would you pay for a true open source attestable CVM?
It's straightforward to roll your own CVMs with EPYC Milan+ dedis (yes, it could be safer/more private than your laptops). Haven't seen any LE intel TDX dedi providers yet.
We offer full IPMI access to all of our dedicated servers, which you can use to install the OS of your choice directly into the drive and configure it however you wish.
Be sure to check out our current deals here: https://1gservers.com/letthread
I don't need that much compute or resources, looking for something cheaper, thank you though.
No worries. In the future it may be more beneficial to you to specify a budget, so the community can better align the responses to your expectations. Cheers!
Hello!
We can help you!
We are able to provide full disk encryption - contact us!
Contact us using DM at LET, live chat at https://vsys.host/, or email [email protected]
Was talking to the live chat, they were very helpful with the answers. However, you offer custom OS but the issue is that I would need to keep making a ticket for it on every re-install which is inconvenient. (As per what I was told in live chat)
do you do installs from the same ISO everytime? you can keep it mounted and change the boot order to hdd to use the server, then to ISO to reinstall. This way you just have to tlk to support once.
(a lot of hosts allow this, but not all)
That would be super neat if possible, I had no idea hosts offer that, and yes I usually use the same OS. I tend to reinstall frequently and and I also assume it would get tiresome for the support if I had to request them to manually keep uploading it etc.. (Thats so far what I've been told)
If you're feeling that uncomfortable and will keep using the same image repeatedly, we can offer a solution.
Will you keep using the same ISO repeatedly?
If it's a dedicated server, you can mount whatever you want yourself.
And yes, if a reinstallation is needed, we have to do it.
If so> @anonuser1211 said:
If you keep using the same ISO repeatedly, please reach out to us again. We can arrange things in a way that works for you. Please clarify what you discussed with me earlier.