Avoid OpenVZ "snooping"

lesti Member

I am worried about having an email server on some OpenVZ VPS. It is too easy to get your files checked and read by the server admin.

My VPS uses exim4 as MTA, and it also uses TLS/SSL to protect against MITM attacks; however, this is all futile when your service provider can access your private key files, which are stored in the VPS.

Also, encrypting a disk partition with LUKS won't help, because the server admin could always search or dump through the RAM memory of the server looking for the point where the information is about to get encrypted, and catch it before that happens.

So, in a general approach, how could you protect your information on a virtualized platform?

P.S.: please avoid comments like "do you have something to hide?", "why do you want to do this?", "is your information so important?", etc.


Comments

  • the smartest thing to do would probably be to not use an OpenVZ VPS.

    with KVM options so cheap, why bother with OVZ?

    Thanked by 3: rm_ tux jar
  • Three options:

    1. If you don't trust the provider, find another one.
    2. Don't use OpenVZ.
    3. Remove your tinfoil hat.
  • Buy a homing pigeon.

  • The problem is the same; KVM can inspect the memory as well.

    Also, it doesn't matter if I trust my provider or not, watch Lavabit, they can just force to raid the servers.

    Also, it was demonstrated long ago that the tinfoil hat amplifies signals rather than stopping them.

  • @Jack said:
    Get a dedicated server then.

    The RAM modules can be physically removed

  • rm_ Member
    edited August 2013

    1) Don't f---ing use f---ing OpenVZ.
    2) Spying on KVM is more complex, but if you're still concerned, get a dedi.

    Seriously, if you assume a random provider will go as far as dumping KVM RAM to get to your encryption key, but at the same time you are not even able to afford a 10 EUR dedi, then sorry but you're just a sad joke.
    Leaving OVH aside, there are at least two providers with 10 EUR/mo dedi offers: dedibox.fr digicube.fr and online.net.

    Thanked by 2: mpkossen marrco
  • Spirit Disabled
    edited August 2013

    He's asking what's possible/not possible with a certain type of virtualization, not what he can and can't afford. What makes you think that someone who asks something about OpenVZ doesn't already have some KVM or even dedi boxes?
    And if he does, what makes his question regarding a certain type of virtualization less relevant? Some general opinion does not answer an explicit question. So much about tinfoil hats.

    Thanked by 2: Janevski trelawney
  • I really don't get why when you ask an entirely technical question you get flamed like this.

    It is not about not having money to rent dedicated servers, I own some of them myself; the topic is about finding solutions to provide privacy on VPS servers, however it seems people feel uncomfortable talking about this.

    Back to the discussion stream, I also do not find it secure to do this on a dedicated server. Datacenter staff can always shut down the machine at 4 AM, dump the hard disk and report a power failure. It doesn't matter what they do it for: court order, bribe or gun to their head. However, hosting on a dedicated server may save you from being "RAM snooped."

    So, is there any secure way to host the private keys used in LUKS or similar encryption out of that box?

    Thanked by 1: Janevski
  • I also do not find it secure to do this on a dedicated server. Datacenter staff can always shut down the machine at 4 AM, dump the hard disk and report a power failure.

    Are you fucking serious? If you're going to be this paranoid, you might as well not bother.

  • @rm_ said:
    dedibox.fr and online.net.

    I was wondering why I hadn't heard of dedibox.fr. It seems to be just a pseudonym of online.net?

    C, Bash, Perl, Python, PHP, and JS hobbyist. VPS collector. Blog

  • Droidzone Member
    edited August 2013

    @Jack said:
    Yes host it under your bed.

    I feel sad that you sleep in the DC. Such commitment..

    C, Bash, Perl, Python, PHP, and JS hobbyist. VPS collector. Blog

  • rm_ Member
    edited August 2013

    Yes host it under your bed.

    Indeed, the most secure option is to host a server at your own location, e.g. at home.
    And for example with E-Mail you can set up some VPSes or dedis to act as secondary MXes, those will provide a "safety net" when your home connection or electricity goes down.

    dedibox.fr. It seems to be just a pseudonym of online.net?

    Oh sorry! I meant http://digicube.fr/

  • netomx Member, Moderator

    Maybe a KVM with truecrypt ?

  • seriesn Member, Top Provider
    edited August 2013

    If you do not trust your provider, do not use them, can't be more simple than that. Also, remember, us as providers, we do not have any time to snoop around 1000's of active vps's for the heck of it. We have better things to do besides reading your emails and what not. Unless you ring some type of alarm, no reputable provider will bother with you.

    Btw, remember this "Anything that can be encrypted, can very well be decrypted".

  • @seriesn said:
    If you do not trust your provider, do not use them, can't be more simple than that. Also, remember, us as providers, we do not have any time to snoop around 1000's of active vps's for the heck of it. We have better things to do besides reading your emails and what not. Unless you ring some type of alarm, no reputable provider will bother with you.

    Btw, remember this "Anything that can be encrypted, can very well be decrypted".

    While you may not have time to snoop around files, other providers have made bots to do so. I've had issues with one of them. I find the best way to go about it is to ask the provider what kind of monitoring they do and check to see if such monitoring complies with the laws of the country the server is hosted in.

    OpenVZ makes it way too easy for snooping, as someone has said before. If you care about privacy, use KVM or OpenVZ with a provider that doesn't spy.

  • seriesn Member, Top Provider

    @spycrab101 said:
    OpenVZ makes it way too easy for snooping, as someone has said before. If you care about privacy, use KVM or OpenVZ with a provider that doesn't spy.

    If a provider doesn't monitor malicious activity, you need to worry more than anything else. If provider wants, they can snoop into your kvm too ;)

  • How 'safe' is Xen?

    Servitor.io - Server and website monitoring. Free to use!

  • Tsume Member
    edited August 2013

    Chances are you're not the only person on any OpenVZ node at any given time. They probably have dozens if not at least a hundred others. Why would they single you out, out of everyone else, just to look at your emails? Unless what you're doing is malicious or illegal, there's nothing to worry about.

    I highly doubt providers go through the trouble of providing servers just to read everyone's email/documents.

    But if you're that paranoid. Then your best bet would be a dedicated server.

    DediCube - L2 Support

  • seriesn Member, Top Provider

    @Tsume said:

    But if you're that paranoid. Then your best bet would be a dedicated server.

    What if DC staff decide to take a look into his dedi? He is better off not even talking to anyone. You know, walls have ears too :P

  • @seriesn said:
    What if DC staff decide to take a look into his dedi? He is better off not even talking to anyone. You know, walls have ears too :P

    Haha, true enough.

    DediCube - L2 Support

  • Host the mail server at your house and tunnel to your VPS with SSH or OpenVPN. The DC/VPS provider would still be able to see your incoming/outgoing mail since SMTP is mostly unencrypted.

  • Unless you Colo your Dedi (better build one from scratch and colo it. Never know what them rented ones have in them!) at the NSA Datacenter, the chances of a Datacenter employee taking your server, managing to extract the encryption key from RAM (without losing power, thus cleaning out the RAM), and then decrypting your server's hard drives so they can dig through it is PRETTY DARN LOW. A small degree of paranoia (like wondering why that guy has been following you for the past half mile) is okay. But there is a point where it gets a little... excessive.

    BlueVM | Best VPS Deals [~] 1GBPS, RAID-10, OpenVZ/KVM, 8 locations. [~] Feathur VPS Control Panel!
  • I have a funny feeling that you're worried about being snooped on when really you are referring to hosts being able to trace that you are sending spam, thus having justification to disable you. You won't hide that with KVM/OpenVZ or any other virtualization you want. The traffic is routed via the host node, so the host can always monitor that traffic, and when reports flood in about a VPS, the provider just watches its traffic to work out the spam it's sending to justify disabling you.

    NO provider will waste time breaking private keys and exim just to find stuff out. Quite frankly, they don't even need to look within the VPS to find email abuse.

    And if you're so paranoid as to think a provider would want to go snoop on any data, then 1 would be counterproductive, and unless you're hosting some multi-thousand-pound company I wouldn't worry. And if you are, then stick it on a dedi.

    The only logical reason behind being this paranoid IS something is on your servers which, if the provider found it, you would be terminated for. Simple as. Otherwise it wouldn't be a concern for you to open multiple topics regarding the same reason.

  • kro Member

    Everyone stop with the paranoid argument... Far out, bunch of sads lately.

    Thanked by 1: VPSSimon
  • pylode Member
    edited August 2013

    @seriesn said:
    If you do not trust your provider, do not use them, can't be more simple than that. Also, remember, us as providers, we do not have any time to snoop around 1000's of active vps's for the heck of it. We have better things to do besides reading your emails and what not. Unless you ring some type of alarm, no reputable provider will bother with you.

    Btw, remember this "Anything that can be encrypted, can very well be decrypted".

    Wouldn't it make sense to trust a heavily over-sold provider then? Or a provider run by kids who don't know what they're doing, haha.

    As everyone else has mentioned though, any data can be seen if you have access to the memory, disk etc.

  • seriesn Member, Top Provider

    @smooch1502 said:
    Wouldn't it make sense to trust a heavily over-sold provider then? Or a provider run by kids who don't know what they're doing, haha.

    You are already trusting them with your personal and financial information ;)

  • @seriesn said:
    You are already trusting them with your personal and financial information ;)

    Unless you pay by bitcoin..

  • In this case, SMTP servers don't need to be broken into, they can be monitored via traffic analysis. If you use SMTPS, then NSA will still be able to access the other end of the communication, for example, yahoo, hotmail or gmail boxes. The only way to keep it out is to use some kind of encrypted darknet like freenet where all traffic is inside the network. Even so, the particular node you run will be vulnerable due to keys being stored in the memory.

    Extremist conservative user, I wish to preserve human and civil rights, free speech, freedom of the press and worship, rule of law, democracy, peace and prosperity, social mobility, etc. Now you can draw your guns.

  • fly Member

    any provider will be able to look at your files. if you're really that concerned that your provider is gonna take the time to bother and look at your shit, you'll need to buy your own hardware and host it yourself. But then again, someone can just listen in on your network traffic.

  • Remove your tinfoil hat.

    This.

    -- BOFH

  • Whatever technology you use to prevent anyone from accessing your data, if there's physical access to your resources, you can say goodbye to your data's privacy.

    Rule #0: you must trust your system administrator ultimately, or keep no servers at all.

    Commenting on the original statement: yes, OpenVZ gives the easiest access to VMs' (containers') data/RAM. Switching to KVM and further to dedicated improves security. Just decide what adversary shouldn't access your data, to select the proper option.

    Thanked by 1: VPSSimon
    Monitor your network assets with IPHost (contact me to obtain a discount code)
  • The truth is your entire upstream has access to your traffic flowing through them... it takes nothing special for them to peek at your traffic.

    Visual Artist/Nerd from Los Angeles, Ca. Has a strange addiction to servers.
  • @smooch1502 said:

    Indeed. Actually it makes more sense in a way. It's the same as meeting someone in secret in a really crowded pub or cafe than in a remote area. If you're hiding something, it might be better to hide it in the open.

    I'd envision a solution where the data is split into multiple random pieces and distributed to a series of servers across something akin to tor nodes, assembled later with a key at your home pc.

    C, Bash, Perl, Python, PHP, and JS hobbyist. VPS collector. Blog
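
The splitting idea in the post above, sketched as an added example (not code from any poster or from Tahoe-LAFS): an n-of-n XOR split in which the body of every piece stored on a server is uniformly random on its own, and an HMAC key kept only on the home PC lets that machine reject a modified or mismatched piece before reassembly. The function names, piece layout and sample message are assumptions made for this illustration.

```python
import hashlib
import hmac
import secrets
from functools import reduce

ID_LEN = 8                  # random identifier tying pieces to one split
HEADER_LEN = ID_LEN + 4     # split id + 2-byte index + 2-byte total
TAG_LEN = 32                # HMAC-SHA256 output size


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _tag(key: bytes, header: bytes, body: bytes) -> bytes:
    return hmac.new(key, header + body, hashlib.sha256).digest()


def split(data: bytes, n: int, key: bytes) -> list:
    """Split data into n pieces; all n are needed to rebuild it.

    n - 1 bodies are fresh random pads and the last is data XOR all pads,
    so any subset of fewer than n pieces reveals only the data length.
    """
    if n < 2:
        raise ValueError("need at least two pieces")
    split_id = secrets.token_bytes(ID_LEN)
    pads = [secrets.token_bytes(len(data)) for _ in range(n - 1)]
    bodies = pads + [reduce(_xor, pads, data)]
    pieces = []
    for index, body in enumerate(bodies):
        header = split_id + index.to_bytes(2, "big") + n.to_bytes(2, "big")
        pieces.append(header + body + _tag(key, header, body))
    return pieces


def combine(pieces: list, key: bytes) -> bytes:
    """Verify every piece with the home-only key, then XOR them together."""
    bodies = {}
    expected = None  # (split_id, total) taken from the first piece
    for piece in pieces:
        if len(piece) < HEADER_LEN + TAG_LEN:
            raise ValueError("piece too short")
        header = piece[:HEADER_LEN]
        body, tag = piece[HEADER_LEN:-TAG_LEN], piece[-TAG_LEN:]
        if not hmac.compare_digest(tag, _tag(key, header, body)):
            raise ValueError("piece failed authentication")
        split_id = header[:ID_LEN]
        index = int.from_bytes(header[ID_LEN:ID_LEN + 2], "big")
        total = int.from_bytes(header[ID_LEN + 2:], "big")
        if expected is None:
            expected = (split_id, total)
        elif expected != (split_id, total):
            raise ValueError("pieces come from different splits")
        bodies[index] = body
    if expected is None or set(bodies) != set(range(expected[1])):
        raise ValueError("not all pieces are present")
    return reduce(_xor, (bodies[i] for i in range(expected[1])))


if __name__ == "__main__":
    home_key = secrets.token_bytes(32)          # never leaves the home PC
    message = b"constructed sample message"     # constructed sample input
    stored = split(message, 3, home_key)        # one piece per server
    print(combine(stored, home_key) == message)
```

Unlike the erasure coding mentioned in the next reply, this split has no redundancy: losing any one piece loses the data.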

  • perennate Member, Provider
    edited August 2013

    I'd envision a solution where the data is split into multiple random pieces and distributed to a series of servers across something akin to tor nodes, assembled later with a key at your home pc.

    Erasure coding + AES? You can do that with Tahoe-LAFS, or a dozen other similar systems.

  • Master_Bo Member
    edited August 2013

    @joelgm said:
    I'd envision a solution where the data is split into multiple random pieces and distributed to a series of servers across something akin to tor nodes, assembled later with a key at your home pc.

    It can be stored even in single piece in multiple copies, if it gets decrypted at a single (home) computer.

    Any means of storage/transfer via encrypted media, provided there's no automated en/decryption, will do nicely.

    Monitor your network assets with IPHost (contact me to obtain a discount code)
  • He isn't on about protecting personal data. He is saying "How can I send email spam and the provider not ever know or be able to prove content of emails so can't prove spam"

    Notice how the question originally clearly referred to exim

  • @VPSSimon said:
    He isn't on about protecting personal data. He is saying "How can I send email spam and the provider not ever know or be able to prove content of emails so can't prove spam"

    Notice how the question originally clearly referred to exim

    No, I am not going to send spam. Also, how would encryption prevent this if you, as provider, can sniff the net? Or am I supposed to send encrypted spam mails so only 10% arrive? Exim is an email MTA, it is secure, fast and easy, and widely used in all kinds of services, so please do not accuse me of doing such a thing. If you can only use exim to spam, it is your fault, not mine.

    I am looking for solutions to encrypt my INCOMING email mainly. I am thinking of a solution as cheap as possible (that's why using VPS's) to provide privacy, nothing else.

    What if you are developing a pharmaceutical patent worth millions and need to email your workmates about this? What about if you are implementing a payment system that needs reliable bitcoin wallets worth thousands of dollars? What if you need to save the financial, medical or other kinds of information of your clients? I am trying to find the safest and cheapest solution, it is all about this, not sending spam.

    Finally, I found out that there's no way to do this unless you trust in someone: datacenter, admin or something else, no matter how safe your system is, or how many thousand bits length encryption keys you use.

  • @lesti said:
    I am worried about having an email server on some OpenVZ VPS. It is too easy to get your files checked and read by the server admin.

    My VPS uses exim4 as MTA, and it also uses TLS/SSL to protect against MITM attacks; however, this is all futile when your service provider can access your private key files, which are stored in the VPS.

    Also, encrypting a disk partition with LUKS won't help, because the server admin could always search or dump through the RAM memory of the server looking for the point where the information is about to get encrypted, and catch it before that happens.

    So, in a general approach, how could you protect your information on a virtualized platform?

    P.S.: please avoid comments like "do you have something to hide?", "why do you want to do this?", "is your information so important?", etc.

    Just get a vps from a mature and trustworthy host. When you lease servers from people, you agree to their terms, and I would assume they have the right to check the server you rent from them for any violations. Most hosts normally write in their tos "we don't police our servers unless we suspect illegal activity".

    Trying to prevent a host from checking your server for tos violations may be considered a violation of their tos, which could lead to termination.

    Alternatively, you could get a budget PC from eBay for like $50 to host your own vps off your home internet connection. Just check with your isp since providers like charter/comcast forbid hosting servers from a residential account

  • @lesti said:
    I am worried about having an email server on some OpenVZ VPS. It is too easy to get your files checked and read by the server admin.

    My VPS uses exim4 as MTA, and it also uses TLS/SSL to protect against MITM attacks; however, this is all futile when your service provider can access your private key files, which are stored in the VPS.

    Also, encrypting a disk partition with LUKS won't help, because the server admin could always search or dump through the RAM memory of the server looking for the point where the information is about to get encrypted, and catch it before that happens.

    So, in a general approach, how could you protect your information on a virtualized platform?

    P.S.: please avoid comments like "do you have something to hide?", "why do you want to do this?", "is your information so important?", etc.

    oh, thought of one more, it's kind of shady and would be very inconvenient to use, but if you are paranoid about privacy then go with Cyber Bunker

    To quote their website....

    "Mind Your Own Business: CyberBunker does not poke around on your servers. Customers are allowed to host any content they like, except child porn and anything related to terrorism. Everything else is fine. CyberBunker has adopted a policy not to mind our clients business. Our famous "Mind Your Own Business" policy."

  • jar Provider
    edited August 2013

    Home server, protect with shotgun. Your only points of failure become:

    1. Upstream.

    2. The receiver.

    3. Bullet supply.

    Founder @ MXroute

  • I am sorry but the people here are not catching the concept: I don't want to rely on trustworthiness or maturity, I do not want to have a security design based on that.

    What if someone puts a gun to the head of the VPS admin? Will he be mature and trustworthy enough to die for your 15$/year VPS (or even for your 3000 $/month server)?

  • spekk Member
    edited August 2013

    now that was funny, I think you are looking in the wrong place for admins dying while protecting a VPS, it's the low end market here.

    if you want security there is a guy in the Netherlands, hosting in an ex-military bunker:

    http://cyberbunker.com/

    about hosting the server, it does not matter if you host it at home, because when Delta Force will break in, they will capture the server before you have a chance to get out of bed, so it is best to host it in a vault or something at home I mean, with an exploding mechanism, or well build your own bunker, I know some guys had a device with sulphuric acid put in above the HDD, and a panic button.

    about the disk, luks is best I think, but it has its flaws, the datacenter can image the disk but if it's encrypted well that leaves only the RAM, but anyway, they can install a special device on the motherboard to grab all the I/O etc

    what you can actually do is take a lot of prevention measures, but 100% safe does not exist, because of the way it all works.

    @lesti said:
    I am sorry but the people here are not catching the concept: I don't want to rely on trustworthiness or maturity, I do not want to have a security design based on that.

    What if someone puts a gun to the head of the VPS admin? Will he be mature and trustworthy enough to die for your 15$/year VPS (or even for your 3000 $/month server)?

  • MrX Member

    Sounds like you need to build yourself your very own datacenter.

  • BrianHarrison Member, Provider

    @Jack said:

    Exactly. There are ways for the box owner to inspect the VM of any box under any virtualization technology. It is certainly very easy to do so with OpenVZ, but the only way you'll have a reasonable assurance of privacy/security is with a dedicated server.

    Reprise Hosting (AS62838) Specializing in self-managed cheap dedicated servers and cheap VPS hosting.

  • VPSSimon Member
    edited August 2013

    @lesti said:
    Finally, I found out that there's no way to do this unless you trust in someone: datacenter, admin or something else, no matter how safe your system is, or how many thousand bits length encryption keys you use.

    Personally, if it's such important data, you aren't low-end boxing it. Simple as. Incoming or outgoing mail is still going to be plain text unless it's sent to you in encrypted form which only your mail server can decipher.

    This is why datacenters are bulletproofed and bomb-proofed a lot of the time, as data security is up there. So owning a dedi on a locked rack you rent would be the safest option. However, you seem to want NSA-style security for nothing you can explain would warrant such a thing. You just sound uber paranoid and you want to send email spam without being found out, which is impossible.

    And if you wanted to send clean emails with uber security, the client would be receiving email on your own server as you would be sending it to. Otherwise, when it hops providers it's being snooped on, rather than it going locally.

    And if you're deving something that's worth billions, do what the rest do, the logical thing: dev it offline and keep offline copies. If it's patented, it doesn't matter if it's leaked at all as it's under patent. Err, common sense.

    You're providing hypotheticals that do not apply to you at all, rather than just saying straight reasons.

    And sending email to clients, OK: make sure you're all on the same box and u control security. Otherwise the mail server you send to or receive from has to be uber secure.

    Take ur tinfoil hat off and get back on the medication. Cos if you have anything worth millions, WHY the fuck would you put it on a VPS in the first place, and not self-host it on a dedi?

  • Radi Member, Provider
    edited August 2013

    To the OP:
    Do you think your provider will just stay read your VPS?

    I mean, that providers don't have time finding people's secrets. Just provision you the order, the rest is up to you. If you abuse, then provider may be required to take a look, but else no.

    4 GB RAM/90 GB SSD/4 TB Traffic/KVM/1 IPv4 for $7/mo only here with coupon code "LET-It-GO".

  • asterisk14 Member
    edited August 2013

    Once you communicate through a third party, then you have no real security. For example when you phone someone on your mobile or landline, the NSA or GCHQ will be able to pick it out of the air. In the old days, they used to tap the wires, now they can just listen to it and you will never know.

    If you are this concerned, then use low tech, postal mail, not easily intercepted e-mail.

  • aglodek Member
    edited August 2013

    @lesti said: I am looking for solutions to encrypt my INCOMING email mainly. I am thinking of a solution as cheap as possible (that's why using VPS's) to provide privacy, nothing else.

    What if you are developing a pharmaceutical patent worth millions and need to email your workmates about this? What about if you are implementing a payment system that needs reliable bitcoin wallets worth thousands of dollars? What if you need to save the financial, medical or other kinds of information of your clients? I am trying to find the safest and cheapest solution, it is all about this, not sending spam.

    My 3 cents' worth:

    (1) Best way to uber-secure your communications is to do away with email entirely and use a web based messaging system accessed over SSL, using public CA keys, not a self signed cert.

    (2) Second layer of security - the one protecting you from your provider(s) snooping - would be to introduce client side encryption of content generating a one-time key/token then sent by the sender only to the intended recipient(s) (i.e. reader(s) of the given message), using a different telecommunications medium like SMS.

    Andrew Glodek | Special Projects Director | 香港國際商務中心 HONG KONG INTERNATIONAL BUSINESS CENTRE
  • @lesti said:
    I am sorry but the people here are not catching the concept: I don't want to rely on trustworthiness or maturity, I do not want to have a security design based on that.

    What if someone puts a gun to the head of the VPS admin? Will he be mature and trustworthy enough to die for your 15$/year VPS (or even for your 3000 $/month server)?

    Definitely not. However, if my VPS is ever passed to Optimists In Black this way, they will be severely disappointed to see all the data of any value encrypted beyond recognition.

    Monitor your network assets with IPHost (contact me to obtain a discount code)
  • sman Member
    edited August 2013

    @FtpIt_Radi said:
    To the OP:
    Do you think your provider will just stay read your VPS?

    I mean, that providers don't have time finding people's secrets. Just provision you the order, the rest is up to you. If you abuse, then provider may be required to take a look, but else no.

    Glad someone said it. As if the only reason we do this is to watch what people are doing on hundreds or thousands of virtual servers. 99.99999999% of the time the last thing on the provider's mind is wondering wtf you are doing. We have much better things to do and frankly don't want to have to look at what you are doing. Even when you ask us to.

    The ONLY and I really do mean THE ONLY TIME I want to look at someone's virtual server without being asked is when they are interfering with other servers. Causing excessive load. Things like that. And when I do I generally don't look at what you are doing...just what is causing the problem. Most of the time it's a stuck process pinning the CPU at 100% which I don't even have to go into the server to see on OpenVZ. In that case I'll just reboot the virtual server and see if that takes care of it.

    If not so obvious I will go straight to the message log which generally isn't going to tell me what you are doing but might give a clue what is causing the load problem. Even if I wanted to I don't have time to snoop around and see what you are doing.
