How to encrypt the server so that the hoster does not get access to the data on the disk?
Question about a Unix server.
There is a purchased dedicated server, and I want to make sure that the hoster cannot get the data on the disk even by plugging into the physical port (directly to the hard drive).
P.S. I have nothing to do with 18+ things, just too much paranoia, and there are no longer enough foil caps :)
Remote booting of a machine with Full Disk Encryption is implemented using dropbear. But this only solves the problem with disks. As they write correctly, for example, here (in the answers): there are different attack vectors against a server to which there is physical access. There doesn't seem to be a one-size-fits-all way to protect against everything (aside from keeping the servers at home).
In addition, if you buy this service remotely and do not have direct access to the server yourself, then it is possible that, under the guise of a dedicated server, they will sell you a virtual machine running on real dedicated hardware, into which a physical disk, network card, and other devices are directly forwarded. In terms of performance, such a system cannot be distinguished from one that runs directly on the hardware. All devices work the same way as physical ones (because they are physical). The only difference here is that the host-OS admin can dump the memory of the virtual machine with all the keys (to decrypt the contents of the disk) in clear text.
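A heuristic check for the situation the answer describes, a "dedicated" server that is really a guest under a hypervisor. This is an added example and not part of the original answer; the function names are hypothetical. The host admin controls what CPUID and DMI report to the guest, so a result of `none` does not prove bare metal.

```shell
#!/bin/sh
# Added example: look for common signs that this machine is a virtual guest.
# Only a positive result is informative; a hypervisor can hide both signals.

# cpu_has_hypervisor_flag FILE
# Succeeds if a cpuinfo-format FILE lists the CPUID "hypervisor" bit.
cpu_has_hypervisor_flag() {
    grep -E '^flags[[:space:]]*:' "$1" 2>/dev/null | grep -qw hypervisor
}

# dmi_looks_virtual STRING
# Succeeds if a DMI vendor/product STRING names a well-known hypervisor.
dmi_looks_virtual() {
    printf '%s\n' "$1" | grep -qiE \
        'qemu|kvm|vmware|virtualbox|innotek|xen|bochs|parallels|virtual machine'
}

# vm_verdict CPUINFO_FILE DMI_STRING
# Prints a comma-separated list of indicators found, or "none".
vm_verdict() {
    found=""
    if cpu_has_hypervisor_flag "$1"; then
        found="cpuid-hypervisor-flag"
    fi
    if dmi_looks_virtual "$2"; then
        found="${found:+$found,}dmi-vendor"
    fi
    printf '%s\n' "${found:-none}"
}

# check_this_host: gather the real values on a Linux system and report.
check_this_host() {
    dmi=""
    for f in /sys/class/dmi/id/sys_vendor /sys/class/dmi/id/product_name; do
        if [ -r "$f" ]; then
            dmi="$dmi $(cat "$f")"
        fi
    done
    vm_verdict /proc/cpuinfo "$dmi"
}

# Run against the local machine only where /proc/cpuinfo exists (Linux).
if [ -r /proc/cpuinfo ]; then
    check_this_host
fi
```
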