How to encrypt an entire VPS? - Page 2

Comments

  • @Atomic7 said:
    sorry but no, OVZ is not like shared hosting.

    OpenVZ:

    OpenVZ is a Linux-based virtualization platform based on the Linux kernel. OpenVZ allows a physical server to run multiple isolated operating system instances known as containers. OpenVZ can only run Linux-based operating systems such as CentOS, Fedora, Gentoo, and Debian. One disadvantage of OpenVZ is that users are not able to make any kernel modifications. All virtual servers have to get along with the kernel version the host runs on. However, because it doesn't have the overhead of a true hypervisor, it is very fast and efficient over KVM, XEN, and VMware.

    KVM:

    KVM provides true virtualization resources which are not shared between the host kernel or other virtual servers. Almost any operating system can run through KVM.

  • @painfreepc said:

    OpenVZ:

    OpenVZ is a Linux-based virtualization platform based on the Linux kernel. OpenVZ allows a physical server to run multiple isolated operating system instances known as containers. OpenVZ can only run Linux-based operating systems such as CentOS, Fedora, Gentoo, and Debian. One disadvantage of OpenVZ is that users are not able to make any kernel modifications. All virtual servers have to get along with the kernel version the host runs on. However, because it doesn't have the overhead of a true hypervisor, it is very fast and efficient over KVM, XEN, and VMware.

    KVM:

    KVM provides true virtualization resources which are not shared between the host kernel or other virtual servers. Almost any operating system can run through KVM.

    So? And your point is? I understand that you have some amazing copy paste skills but I have some of those skills too!

    Shared Web Hosting:

    A shared web hosting service or virtual hosting service refers to a web hosting service where many websites reside on one web server connected to the Internet. Each site "sits" on its own partition, or section/place on the server, to keep it separate from other sites. This is generally the most economical option for hosting, as many people share the overall cost of server maintenance.

    Troll:

    A troll is a person who sows discord on the Internet by starting arguments or upsetting people, by posting inflammatory, extraneous, or off-topic messages in an online community (such as a forum, chat room, or blog), either accidentally or with the deliberate intent of provoking readers into an emotional response or of otherwise disrupting normal on-topic discussion.

    I can start my own shared hosting service with an OVZ container but I can't start an OVZ VPS service with a shared hosting account. Shared hosting is just limited to web hosting, while anyone can do most of the things with an OVZ container that are possible with a KVM or dedicated server. So no, OVZ is nothing like shared hosting. And if by shared hosting you mean sharing the same dedicated server, then KVM is also included in that.

    I am done with this. I have already achieved what I wanted. This isn't a thread about virtualization technologies or anything else and you don't seem to understand the meaning of "relevant". You can continue!

  • XSXXSX Member, Host Rep

    KVM&HVM install OS to encrypt disk.

  • emg Veteran

    Neither Atomic7 nor anyone else has mentioned the threat model. What threat or risk is he defending against? If it is his little sister, then this is obviously overkill. If it is a well-funded, skilled government or similar adversary, then it isn't sufficient.

    If the VPS is not running, then well-designed strong encryption should protect the data at rest. Of course, the problem is how to unlock the encrypted system securely at boot time. The VNC implementations that I have seen on my two KVM VPSs do not offer a secure link. The solution mentioned by @Rallias is the only secure channel solution I have seen.

    As long as the VPS is running, the encryption/decryption keys are in memory. That memory is accessible to the VPS hosting provider, as well as other attackers who may try to compromise the host node or exploit a vulnerability in the running VPS.

  • emg said: That memory is accessible to the VPS hosting provider

    There's maybe 2-3 providers here that know how to dump memory.

  • emg Veteran
    edited November 2013

    @Rallias said:
    There's maybe 2-3 providers here that know how to dump memory.

    Perhaps true, but if the threat model includes a large, well-funded government, I am sure they will assist the provider to obtain the necessary decryption keys.

    Atomic7 wants to encrypt his entire VPS hard drive. Is it reasonable to say, "Your VPS is probably secure, because maybe 2-3 providers here know how to dump memory and get your decryption keys." ?

    Could simpler tools become available over the running lifetime of Atomic7's VPS?

    (P.S. Thank you for sharing that great link to unlocking an encrypted drive over SSH.)

  • @emg What you are asking is already discussed in this thread: http://lowendtalk.com/discussion/17129/how-secure-is-this-vps

    Taking a memory dump is one thing; extracting the encryption keys from that memory dump is a different story altogether. I don't think extracting encryption keys from a memory dump is that simple, and hardly any hosts here will have that knowledge.

    Can a government organisation do it? Yes, but I am not bothered about any government organisation confiscating my vps.

    Can any of the hosting providers here do it? Most probably not. I just want to keep any curious providers out of my boxes, not because I have anything to hide, just because it's irritating.

    And this was just for learning purposes. The most practical implementation of this I can see is for those hosts who host their WHMCS on a VPS from another provider.
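
Added example (not part of any post in this thread): a check a tenant can run inside the VPS to see which case from the discussion applies, namely an OpenVZ container that shares the host kernel, or a guest whose root filesystem sits on a dm-crypt mapping. The `/proc/vz` without `/proc/bc` heuristic and the `CRYPT-` device-mapper UUID prefix are assumptions taken from common Linux tooling, and all function names are hypothetical.

```python
import os

def read_text(path):
    with open(path) as fh:
        return fh.read().strip()

def openvz_role(root="/"):
    """virt-what style heuristic (assumption): /proc/vz without /proc/bc = container."""
    vz = os.path.exists(os.path.join(root, "proc/vz"))
    bc = os.path.exists(os.path.join(root, "proc/bc"))
    return "container" if vz and not bc else ("host" if vz else None)

def root_source(root="/"):
    """Device mounted on / per /proc/mounts; the last matching entry wins."""
    src = None
    for line in read_text(os.path.join(root, "proc/mounts")).splitlines():
        fields = line.split()
        if len(fields) >= 2 and fields[1] == "/":
            src = fields[0]
    return src

def dm_table(root="/"):
    """Map dm name and kernel name (dm-N) -> (dm uuid, [underlying devices])."""
    table, block = {}, os.path.join(root, "sys/block")
    for dev in (os.listdir(block) if os.path.isdir(block) else []):
        dm = os.path.join(block, dev, "dm")
        if os.path.isdir(dm):
            entry = (read_text(os.path.join(dm, "uuid")),
                     os.listdir(os.path.join(block, dev, "slaves")))
            table[dev] = table[read_text(os.path.join(dm, "name"))] = entry
    return table

def crypt_layer(device, table):
    """Walk down the stack (e.g. LVM on LUKS); return the first dm-crypt UUID."""
    key = os.path.basename(device or "")
    if key not in table:
        return None
    uuid, slaves = table[key]
    if uuid.startswith("CRYPT-"):      # cryptsetup names mappings CRYPT-<type>-...
        return uuid
    return next((u for u in (crypt_layer(s, table) for s in slaves) if u), None)

def assess(root="/"):
    """Protection of data at rest only: a running guest still holds keys in RAM."""
    if openvz_role(root) == "container":
        return "OpenVZ container: shares the host kernel"
    uuid = crypt_layer(root_source(root), dm_table(root))
    return f"root on dm-crypt ({uuid.split('-')[1]})" if uuid else "root not on dm-crypt"

if __name__ == "__main__":
    print(assess())
```

The `root` parameter exists so the same functions can be pointed at a copied `/proc` and `/sys` tree instead of the live system.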
