2

I know there is no way to completely secure a running system, however I'd like to do do what ever is possible.

I'm not sure how to phrase the question, but basically, I'd like to secure the data on the system, so noone would be able to access it.

  • Is it possible to secure running processes in memory ?
  • Assuming the VPS owner can easily gain root or access to the filesystem (by connecting the drive to another running system), what are my options to secure my data ?
user62167
  • 111
  • 1
  • 2
  • 3
  • 1
    I don't know of a way to encrypt a system on the fly. On the other hand, if you can't trust your VPS host to do their job with honesty and integrity, then perhaps you need to find another host. That or rent a cage in a local colo facility and run your own services. – EEAA Dec 01 '10 at 14:33
  • 2
    The problem isn't with trusting specific VPS, but the the idea of hosting server with sensitive data where others have physical access to the machine, and which at some point be accessed by unwanted entities. This is why a colo'd cage wouldn't help either unless the system was encrypted. – user62167 Dec 01 '10 at 17:02
  • 4
    In a typical colo, you have either a lockable cage or lockable rack. Even *if* you're running a VPS with encrypted filesystems, all of the in-RAM data will be unencrypted, which the VPS host sysadmins would have access to, including the decryption passphrase. If you really have this stringent of security requirements, it sounds like you need to run your own physically-secured systems or find a dedicated server hosting company that specializes in this sort of thing. – EEAA Dec 01 '10 at 17:16

2 Answers2

2

You could use a encrypted FUSE - the only problem being that you need to remount the filesystem when the system reboots. However bear in mind that anyone with access to the VPS image can potentially add bug your code to detect the pass phrase you use.

Is it possible to secure running processes in memory ?

Not sure what you mean here. It's possible to modify any running process with root access, and also the kernel.

symcbean
  • 21,009
  • 1
  • 31
  • 52
  • This would be a private server, and assuming the provider has 99.9% uptime they say they do, rebooting and remounting wouldn't be much of a problem.Since they have physical access, getting root is not a problem, I'm still wondering if FUSE would be sufficient ? – user62167 Dec 01 '10 at 17:07
-1

In second question- If i have vps with my own root i cant access to your filesystem. I can but i need to use ssh or some remote solution.

In first question . If you have some clients who using your vps you can add him max memory for using.

If i make some dump for momery crashing i will crash only my memory on vps , not your .

ntrance
  • 382
  • 2
  • 2