New on LowEndTalk? Please Register and read our Community Rules.
Not trusting the provider of dedicated machines
Yello. So anyone had experience with securing remote dedicated machines from any kind of external screwing? Like blocking off the usb ports and such stuff. Anyone had situations when an SOB hoster decided to steal something from your hard drives?
Poll: Got screwed by a hoster trying to access your files (52 votes)
- Negative: 88.46%
- Borderline Affirmative: 7.69%
- Affirmative: 3.85%


Comments
If you're that paranoid, just colo a server.
Go with a known provider hetzner/ovh if you’re uncomfortable with less known providers
Always act like you are in zero trust environment if you don't control hardware.
It sounds like you don't completely trust your provider. Why host with them then?
Spot on - pointless to host your hardware if you don't trust the colo provider. I've seen similar setups in the past where dedicated servers were secured with locks and had no USB ports. This way, it's obvious if someone has physically accessed them, especially when you visit the data center to check on your hardware.
You should go to a different provider if you don't trust them.
Ultimately, they have full control of the hardware. Doing things like blocking USB ports is ineffective if, as the provider, I can simply remove your hard drive and make a copy of it.
@ktalap
I miss the option "borderline negative".
We actually had a client add a BIOS password, then disable USB ports after. Ended up just throwing the machine in the garbage after he left. Wasn't worth the time to manually reset BIOS.
It's not USB you should be worried about... see https://github.com/ufrisk/pcileech
Now that you can no longer buy the Kimsufi Atom N2800 boxes, the next best low end option for near-idle secure workloads that you can't host at home for some reason is EC2 T4g
Pointless if there's a fusk virtual volume for data that unmounts on shell login and only can be re-mounted manually.
Colo for the paranoid:
Rent your own cage, secure the server and remove all USB ports, etc., monitor your server with a camera, and place next to your server an OTP device whose exact counterpart is next to you, so you can see if the data feed to your camera gets interrupted.
Provider buys an identical server. Network glitch for a second. You check your camera and everything looks fine, but you're looking at your OTP in front of a different server...
Just put a mask on and rip it out with a crowbar.
network glitched for a second so the server is not secure anymore
You could also sleep in front of your server
To prevent such issues, the server owner should consider a secure cage - complete with security guards or guard dogs, and clear signage stating that the owner bears no responsibility for individuals who enter the cage.
Just implement encryption at rest.
Off-site remote logging can tell you if something happens..
dmesg streamed to an external server will tell you if something has been plugged into a USB port without needing to worry about local logs being tampered with..
But if you don't trust your hosting facility, it is time to go elsewhere or build your own.
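An added example, not part of the thread: a minimal check that could run on the off-site log collector over forwarded `dmesg` lines, flagging USB attach events and a kernel-uptime reset (the machine was rebooted or power-cycled). The allowlist entry, device IDs and sample log lines are constructed placeholders.

```python
import re

# Assumption: vendor:product IDs expected on this box (e.g. the BMC's virtual
# keyboard/mouse). The value below is a constructed placeholder.
ALLOWED_IDS = {"ffff:0001"}

TS = re.compile(r"^\[\s*(\d+\.\d+)\]\s+(.*)$")
NEW_DEV = re.compile(r"usb (\S+): New USB device found, "
                     r"idVendor=([0-9a-f]{4}), idProduct=([0-9a-f]{4})")
STORAGE = re.compile(r"usb-storage (\S+): USB Mass Storage device detected")


def scan(lines):
    """Return a list of (kind, detail) alerts for forwarded kernel log lines."""
    alerts, last_ts = [], None
    for line in lines:
        m = TS.match(line.strip())
        if not m:
            continue
        ts, msg = float(m.group(1)), m.group(2)
        # Kernel timestamps count seconds since boot; a drop means a reboot.
        if last_ts is not None and ts < last_ts:
            alerts.append(("reboot", f"uptime reset from {last_ts:.0f}s to {ts:.0f}s"))
        last_ts = ts
        if (d := NEW_DEV.search(msg)):
            dev_id = f"{d.group(2)}:{d.group(3)}"
            if dev_id not in ALLOWED_IDS:
                alerts.append(("usb-attach", f"port {d.group(1)} id {dev_id}"))
        elif (s := STORAGE.search(msg)):
            alerts.append(("usb-storage", f"interface {s.group(1)}"))
    return alerts


# Constructed sample of forwarded dmesg output (not from a real host).
SAMPLE = """\
[    2.104511] usb 1-1: New USB device found, idVendor=ffff, idProduct=0001, bcdDevice= 1.00
[86400.120001] usb 1-2: new high-speed USB device number 7 using xhci_hcd
[86400.268744] usb 1-2: New USB device found, idVendor=abcd, idProduct=1234, bcdDevice= 1.00
[86400.301992] usb-storage 1-2:1.0: USB Mass Storage device detected
[    0.000000] Linux version (constructed boot banner)
""".splitlines()

if __name__ == "__main__":
    for kind, detail in scan(SAMPLE):
        print(f"ALERT {kind}: {detail}")
```

Because the alerts are computed on the collector, wiping or editing local logs on the server does not remove them; a stream that simply goes silent is its own signal and needs a separate heartbeat check.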
In order to steal data from your server one needs to connect to the USB ports and then hack into the server, and then copy the data.
More likely to power off the server and clone the storage. This has been done by law enforcement many times...
Dedicated server, LUKS and/or OPAL can help with this threat, but you would need a way to prevent the threat from capturing it when you enter it. Trip to the datacentre every time you need to enter it?
You will most probably notice mitm on ipsec and ssh.
But the OS isn't running yet to load your keys.
Determined adversaries would capture the USB traffic between the IPMI and the server.
Makes sense, need to think it through
Cheap, but not free.
I would opt out of guard dogs and instead hire some guard cats. They are much more effective in distracting potential bad actors. Furthermore, if you set up a camera and live stream it, you can probably make a profit off it and have people watching your server and protecting it for free.
Likely a niche market right there. Also the cats would have a warm environment. What's the worst thing that can happen? They are going to unplug cables? Great even better automated and random failover tests.
Add guard dogs also inside the server! In addition make server self-detonate when any not authorized DNA is sensed.
And of course only - no exceptions! - use your own DC that you fully control buried deep inside another planet, preferably one that looks boringly uninhabitable.
Finally fall into a solid coma so as to avoid ever spilling out the entry code!
Side note: nevar fly directly to your planet! Always try to hide your starship a beefy part of the voyage behind a Vogon cruiser. Better safe than sorry.
Sounds like HSMs.. They self-detonate when a cover is removed unexpectedly, often even when removing the cover is expected.
Full disk encryption protects against 'normal' threats, unless you are dealing with attackers with direct physical access to the RAMs.
+1 for camera monitor. That will deter the tyrants. A double sided motion sensored one with a flashlight.
That is why I mentioned needing to go to the datacentre to enter the password to unlock the drive.. There is no safe way to do it remotely, I've tried to think of a way it could be done, but haven't come up with anything yet..
Newer systems encrypt the RAM too.
On a side note: I actually have ("safe way to do it remotely"), but it was a PITA to design and implement and also is a PITA to config, plus it doesn't really solve the core problem but "only" moves it to another (and highly likely easier and better to protect) location. And of course at least some (but small) extra hardware is needed.
While surviving a formal verification (a) who wants a PITA solution? and (b) it was done basically just as an interesting logical and technical challenge. Some actually usable things have come out of it though, but sadly the kind of stuff that always and completely is under a strict NDA.
I thought I'd mention it anyway to indicate that there are parties (some private even, most gov. type though) who do try to find solutions for "hardcore security".