[sf-lug] VPS question: accessible by root user on physical host?
Joe Royall
joe at 2resonate.net
Sun Jun 1 02:52:43 PDT 2008
On Sat, May 31, 2008 at 2:42 PM, Rick Moen <rick at linuxmafia.com> wrote:
> Quoting Jason Turner (jturner at nonzerosums.org):
>
> > Thanks for the info, Rick. Yep, I realize some element of trust will
> > always be involved if you don't have physical security.
>
> Oddly enough, you end up having some element of trust even if you _do_
> have physical security.
>
> Let's say you put your machines in a colo. You now have whatever
> physical security money can buy, which means the colo will protect your
> computing up to the limits of their business self-interest. Someone
> wanting to snoop need not suborn the entire colo organisation: One of
> your competitors, or a private investigator, or a criminal group, might
> just bribe or extort a janitor. Various Feds, if they wanted to pry,
> would generally serve a National Security Letter on the CEO. In any of
> those cases, you have hidden limits on the physical security you thought
> you enjoyed.
>
> Instead, you keep your machines behind locked doors at your business.
> Now, you have a slightly different (but overlapping) threat model to
> your physical security. (Your business has a janitor, too. ;-> )
>
> Finally, you can run the machines at your house -- but how physically
> secure is your house, really? Do you really trust young Mordred? He's
> a teenager now, and will probably give even your '70 Château Haut Brion
> to anyone willing to give him enough quarters for an afternoon of video
> gaming. If the cops, or a private eye, climbed in over the geraniums
> while you were off to Poughkeepsie, would you even _know_?[1]
>
> So, you always end up having to trust some number of people, to some
> degree, in some particulars -- regardless of physical-security
> precautions. The main point is to understand the risk model of each
> option.
>
> [1] The concepts of "tamper-evident", "intrusion-evident", and "IDS" are
> valuable, here. High confidence of being able to detect unauthorised
> access/use is perhaps a smarter goal than its prevention -- detection
> being easier to assure.
>
Access to your data on a VPS is trivial. Your disk is virtual. The
provider can get shared access to your data without entering your operating
system, with an LVM snapshot for example. With Google App Engine I might have
concerns about portability.
--
Joe Royall
Red Hat Certified Architect
415-684-5402
joe at 2resonate.net
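Rick's footnote argues that reliably detecting unauthorised access is a more achievable goal than preventing it, and Joe's point is that a host-side snapshot reads the guest's disk without touching the guest OS. What a guest can still detect is modification of its own files, and the following added example (not code from either poster) shows a minimal tamper-evidence check of that kind: hash a file tree into a baseline, then report what was added, removed or changed. The directory layout, file contents and the "tampering" step are constructed for the demonstration.

```python
import hashlib
import tempfile
from pathlib import Path


def build_manifest(root):
    """Hash every regular file under root; keys are paths relative to root."""
    manifest = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_symlink() or not path.is_file():
            continue  # symlinks and directories are out of scope here
        st = path.lstat()
        digest = hashlib.sha256(path.read_bytes()).hexdigest()
        manifest[path.relative_to(root).as_posix()] = (digest, st.st_size, st.st_mode)
    return manifest


def compare(baseline, current):
    """Report files added, removed or changed relative to the baseline.

    The baseline only proves anything if it is kept where the monitored
    host cannot rewrite it (another machine, or a signed copy), since whoever
    controls the host can otherwise re-baseline after making changes.
    """
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = sorted(p for p in baseline if p in current and baseline[p] != current[p])
    return {"added": added, "removed": removed, "modified": modified}


def demo():
    """Constructed scenario: small tree, baseline, then three kinds of change."""
    with tempfile.TemporaryDirectory() as root:
        etc = Path(root, "etc")
        etc.mkdir()
        (etc / "passwd").write_text("root:x:0:0:root:/root:/bin/bash\n")
        (etc / "shadow").write_text("root:!:17000:0:99999:7:::\n")
        baseline = build_manifest(root)
        # Simulated changes made after the baseline was recorded (constructed).
        (etc / "passwd").write_text("root:x:0:0:root:/root:/bin/bash\n# edited\n")
        (etc / "shadow").unlink()
        (etc / "rc.local").write_text("#!/bin/sh\n")
        return compare(baseline, build_manifest(root))


if __name__ == "__main__":
    print(demo())
```

A read-only snapshot taken on the host leaves this manifest unchanged, which is exactly the limit Joe describes; the check covers modification, not disclosure.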