Quick, rookie Q: are VPS's inherently insecure relative to dedicated servers?

Recent law grad, interested in setting up a personal cloud/VPN for volunteer work and personal financial junk. A little concerned about keeping everything secure given that some of the information stored will be confidential. Note that I don't intend to cast aspersions on VPS's; I'm just curious as to whether dedicated servers are invariably more secure (assuming proper precautions are taken). I'm in the student loan maelstrom, so the VPS is definitely attractive :).

Comments

  • Thanks for the prompt response. If I understand you correctly, then, client-side encryption would only mitigate the risk where the data was passively stored on the server, right? That's to say, any time the server had to decrypt a file for use, it would be exposed.

  • rm_ IPv6 Advocate, Veteran
    edited September 2013

    There are dedicated servers for 4 EUR/mo if you're in the EU http://www.kimsufi.com/fr/
    and for 8EUR if you aren't http://digicube.fr/rapidserveurs
    so absolutely get a dedi for anything even remotely private, they are not that expensive at all.

    Thanked by 1richardpwnsner
  • DomainBop Member
    edited September 2013

    Yes, with openvz being the most unsecure because it is containerization not true virtualization and the host has easy access to your VPS file system and can see all of your files without any effort. I would never store sensitive data on an openvz VPS for this reason.

    It would still be possible for a host to see your files with Xen or KVM if they really wanted to but there would be more effort involved in them accessing your files.

    Thanked by 1richardpwnsner
  • perennate Member, Host Rep
    edited September 2013

    Less secure because you're vulnerable to both attacks against your host / virtualization software / physical server and the virtual container.

    Thanked by 1richardpwnsner
  • @rm_ said:
    There are dedicated servers for 4 EUR/mo if you're in the EU http://www.kimsufi.com/fr/
    and for 8EUR if you aren't http://digicube.fr/rapidserveurs
    so absolutely get a dedi for anything even remotely private, they are not that expensive at all.

    Thanks! Unfortunately, I'm in the US, but to be honest, my primary concern is third parties—while I support the right of others to secure their data against government intrusion, and in fact hope to help out in that regard, for my purposes the primary concern is private snooping.

    @DomainBop said:
    Yes, with openvz being the most unsecure because it is containerization not true virtualization and the host has easy access to your VPS file system and can see all of your files without any effort. I would never store sensitive data on an openvz VPS for this reason.

    It would still be possible for a host to see your files with Xen or KVM if they really wanted to but there would be more effort involved in them accessing your files.

    Good to know—if my shoestring budget forces me to go the VPN route, I'll likely back up locally and restrict uploads to non-confidential data.

    @Zen said:
    There are a few on here that have done just this and I'm sure they have methods to secure a VM or a dedicated server with encryption and such, I am sure they will post in this thread soon enough.

    Would be curious to see...I'll search around for it.

    @rm_ said:
    There are dedicated servers for 4 EUR/mo if you're in the EU http://www.kimsufi.com/fr/
    and for 8EUR if you aren't http://digicube.fr/rapidserveurs
    so absolutely get a dedi for anything even remotely private, they are not that expensive at all.

    That's definitely my preference based on what I've learned so far. I'll shop around for a bit to see what I can do.

  • A customer is the most dangerous part to the equation

    Thanked by 1richardpwnsner
  • Relip Member
    edited September 2013

    Is encryptfs not available on OpenVZ platform?

    Thanked by 1richardpwnsner
  • A dedicated server is no panacea for security. You need to know what you are doing. It's only better in the respect that you are the only one controlling activities on the hardware.

    Thanked by 1richardpwnsner
  • @Relip said:
    Is encryptfs not available on OpenVZ platform?

    I think the problem is that in order for me to utilize the data while it's still cloud-side, it would have to be decrypted, at which point it could be parsed by a motivated party.

  • Maounique Host Rep, Veteran
    edited September 2013

    Dedicated or not, when the server is not in your facility where only you have access (and even then...) all bets are off. I mean the governments are employing hackers that use unreleased exploits in OS software to get even in computers where they don't have physical access (they can't raid in China or Iran yet, for example).
    You cannot encrypt or decrypt anything remotely and hope to have good protection, you must keep all your encryption keys local only to your laptop/desktop/VM under your physical control and even then it can be stolen/raided. And even then, your IP(s) must not be known in order to defend against hacking attacks.
    You can have perfect privacy but everything must be done flawlessly.

    Thanked by 1richardpwnsner
  • Look at this dumb little shit...

  • jsg Member, Resident Benchmarker

    @richardpwnsner said:
    Look at this dumb little shit...

    ???

    Maounique is right. What he says is true.

  • @jsg said:

    @richardpwnsner said:
    Look at this dumb little shit...

    ???

    Maounique is right. What he says is true.

    Was talking about myself, friend. Just taking a trip down memory lane.

    Thanked by 1Lee
  • angstrom Moderator
    edited February 2020

    @richardpwnsner said:
    Look at this dumb little shit...

    Congrats on your 10th comment (and your first since September 2013!)

    Thanked by 1richardpwnsner
  • @richardpwnsner said:

    @jsg said:

    @richardpwnsner said:
    Look at this dumb little shit...

    ???

    Maounique is right. What he says is true.

    Was talking about myself, friend. Just taking a trip down memory lane.

    And now shown the door for senseless necro posting. See you in 7 years.

This discussion has been closed.