[sf-lug] VPS question: accessible by root user on physical host?

Joe Royall joe at 2resonate.net
Sun Jun 1 02:52:43 PDT 2008

On Sat, May 31, 2008 at 2:42 PM, Rick Moen <rick at linuxmafia.com> wrote:

> Quoting Jason Turner (jturner at nonzerosums.org):
>
> > Thanks for the info, Rick.  Yep, I realize some element of trust will
> > always be involved if you don't have physical security.
>
> Oddly enough, you end up having some element of trust even if you _do_
> have physical security.
>
> Let's say you put your machines in a colo.  You now have whatever
> physical security money can buy, which means the colo will protect your
> computing up to the limits of their business self-interest.  Someone
> wanting to snoop need not suborn the entire colo organisation:  One of
> your competitors, or a private investigator, or a criminal group, might
> just bribe or extort a janitor.  Various Feds, if they wanted to pry,
> would generally serve a National Security Letter on the CEO.  In any of
> those cases, you have hidden limits on the physical security you thought
> you enjoyed.
>
> Instead, you keep your machines behind locked doors at your business.
> Now, you have a slightly different (but overlapping) threat model to
> your physical security.  (Your business has a janitor, too.  ;->  )
>
> Finally, you can run the machines at your house -- but how physically
> secure is your house, really?  Do you really trust young Mordred?  He's
> a teenager now, and will probably give even your '70 Château Haut Brion
> to anyone willing to give him enough quarters for an afternoon of video
> gaming.  If the cops, or a private eye, climbed in over the geraniums
> while you were off to Poughkeepsie, would you even _know_?[1]
>
> So, you always end up having to trust some number of people, to some
> degree, in some particulars -- regardless of physical-security
> precautions.  The main point is to understand the risk model of each
> option.
>
> [1] The concepts of "tamper-evident", "intrusion-evident", and "IDS" are
> valuable, here.  High confidence of being able to detect unauthorised
> access/use is perhaps a smarter goal than its prevention -- detection
> being easier to assure.

Access to your data on a VPS is trivial.  Your disk is virtual.  The
provider can get shared access to your data without entering your operating
system, with an LVM snapshot for example. With Google App Engine I might have
concerns about portability.


Joe Royall
Red Hat Certified Architect
joe at 2resonate.net