Privacy on VPS providers: how reliable is it to host private data?
lesti Member
edited April 2013 in General

Some time ago, a client asked me to develop a website for their small company and to find a provider to host it. The web application will be hosting private data about the clients of this company and so on, stuff that should not be seen by people who don't belong to the corporation. After this requirement, a question came to my mind: how reliable are the average LEB providers at offering such privacy?

I know there are ways to encrypt the hard disk (LUKS, dm-crypt) and the communications using safe protocols; however, the admin of the provider could always watch the data hosted there. The data may be encrypted on disk, but it will always be possible to install some rootkit that debugs memory once the data is decrypted.

Even if I get a full dedicated server, there will be some hands able to mess with my data. So, is there any way to host private data on a server that you don't know is trustworthy?

Comments

  • @lesti said: So, is there any way to host private data on a server that you don't know is trustworthy?

    Use full disk encryption, SSL or something of the kind from client to server, and hope that whatever you're doing isn't interesting enough to get your host or any three-letter agencies using rootkits and the like.

  • IMO, if your data is so important that you would worry that a provider may try to see it, you should never put it anywhere away from yourself.
    Thus, keep your own hardware for that top-secret data, and maybe you also need your own DC.

    But most of the time, those providers have more things to do than look into your system. I personally put my code on a LEB without worrying about anything, for I know it isn't worth the provider's effort to steal.

  • I don't believe FDE is possible in OpenVZ, so you'll probably be looking at KVM.

  • jeff Member

    @SimpleNode said: I don't believe FDE is possible in OpenVZ, so you'll probably be looking at KVM.

    What kind of performance hit?

  • @jeff said: What kind of performance hit?

    I'm honestly not sure about the performance hit of FDE, hopefully someone else will know.

  • Tim Member

    Is this a web application that will only be used by company employees?

  • Any provider that can physically access the server has full ability to access client data if it's unencrypted. It's always been a matter of trust. Unless you're prepared to pay for a locking quarter cabinet from a colocation facility and install your own servers, etc., of course.

  • So, we already have a thread about this

    http://www.lowendtalk.com/discussion/9910/kvmxen-privacy

    And it was started today/yesterday too

  • user123 Member
    edited April 2013

    If you want certain data to remain private from physical intrusion, host it locally in a secured location. If practical, host it on a server that does not have Internet access (not so practical in this case). Once other people have access to the data (physical or remote), all bets are off. The best thing you can do in this situation is to secure the server with the private data as best you can and hope that no skiddies become interested in your milkshake.

    Protip: If you want complete, ultrasup3r1337h1gh security, save the data to the server, then destroy the HDD. That way, NO one can steal it. It's Leg-wait for it-en-dary!

  • lesti Member

    Thanks for the answers.

    But even if the disk is fully encrypted, can't the admin just debug the memory at execution time to find the data?

  • @SimpleNode said: I'm honestly not sure about the performance hit of FDE, hopefully someone else will know.

    It's about 10-15% higher in the %LA category. It's low CPU compared with ecryptfs (Ubuntu's "encrypt your home directory"). NEVER do a git clone or svn checkout on an ecryptfs mount.
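
Added example, not part of the original thread: a shell check to run inside a VPS for the two practical points raised above, OpenVZ versus KVM for LUKS/dm-crypt and what drives the encryption overhead. The root-prefix argument and the function names are assumptions, made so the checks can be pointed at a constructed tree.

```shell
#!/bin/sh
# Added example. Optional argument: a hypothetical root prefix (default: the
# live system), so the same checks can run against a constructed /proc tree.

# Classify the platform from /proc.
# OpenVZ: /proc/vz exists in containers and on the hardware node, while
# /proc/bc exists only on the hardware node.
# KVM/Xen HVM and similar: the guest CPU advertises the "hypervisor" flag.
virt_kind() {
    vk_root="${1:-}"
    if [ -d "$vk_root/proc/vz" ] && [ ! -d "$vk_root/proc/bc" ]; then
        echo openvz-container
    elif grep -Eqs '^flags.*[[:space:]]hypervisor([[:space:]]|$)' "$vk_root/proc/cpuinfo"; then
        echo hardware-virt
    else
        echo unknown
    fi
}

# Succeeds if the (guest-visible) CPU advertises AES-NI. The host decides
# whether a guest sees this flag, so it has to be checked inside the VPS.
has_aesni() {
    grep -Eqs '^flags.*[[:space:]]aes([[:space:]]|$)' "${1:-}/proc/cpuinfo"
}

# Combine both checks into one verdict line for dm-crypt/LUKS.
fde_verdict() {
    fv_root="${1:-}"
    if [ "$(virt_kind "$fv_root")" = openvz-container ]; then
        # Per the thread: no FDE here; the container runs on the host's kernel.
        echo "no: container shares the host kernel"
    elif [ ! -e "$fv_root/dev/mapper/control" ]; then
        # -e rather than -c so a constructed tree can stand in for /dev.
        echo "unknown: device-mapper not loaded (try: modprobe dm_crypt)"
    elif has_aesni "$fv_root"; then
        echo "yes: dm-crypt usable, AES-NI present"
    else
        echo "yes: dm-crypt usable, software AES"
    fi
}

fde_verdict "${1:-}"
```

A "yes" verdict only says the disk can be encrypted at rest; as the original poster notes, the key and plaintext still sit in memory the host operator controls.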
