3

When I was in grade 8, my entire class took a road trip to Quebec in order to "learn French". We basically just ran around Montreal speaking English and having a blast, but come night time, the chaperones would close our doors and place a piece of masking tape across them so that any idiot who left his room at night could be reprimanded (since the tape would be removed from its original position) - still with me?

How can I do something like that on a Windows box? Answers for Linux machines appreciated as well, but my predicament is Windows-specific.

I am renting a server from a cheaper company at the moment, and don't entirely trust them to be honest.

How can I tell if/when said company accesses my dedicated server without my knowledge?

Ricardo Polo Jaramillo
darkAsPitch
  • 2
    If they have physical control of the server, then you can't tell if they access it. Period. – Greg Hewgill Oct 23 '11 at 07:05
  • 3
    Send an email every time someone logs on? – Lasse V. Karlsen Oct 23 '11 at 07:14
  • @GregHewgill, They would have physical access to it, yes, as it is inside of their data center. Lasse V. Karlsen seems to have a genius idea however, why wouldn't this work? If they accessed it once (even to remove email notification), you would still be notified, would you not? Unless they removed it from the internet for a few seconds, that is. Perhaps a more complicated script that re-writes over itself if a user logs on without internet connection, combined with the email script? – darkAsPitch Oct 23 '11 at 07:18
  • 14
    If you don't trust them, then you shouldn't be renting from them. Simple as that. – Tom O'Connor Oct 23 '11 at 08:33
  • Agree with Lasse V. Karlsen, but if you don't trust the cheaper company, maybe it's not worth keeping your data there. – whizkid Oct 23 '11 at 09:02
  • 2
    I wonder what the chaperon would have done if someone *smart* left their room - for instance, had I left my room, I'd have moved the tape on *all* the doors. :> – Cyclops Oct 23 '11 at 17:15
  • 2
    @darkAsPitch if they really wanted, they could take the drives out and clone them one by one until they have a replica of all of your data. They would never have to log in, and assuming that you're using RAID, you might never know. By the time you can answer the alerts, it's too late. – MDMarra Oct 23 '11 at 22:03
  • @Cyclops That's pretty brilliant. – ceejayoz Oct 24 '11 at 01:48

5 Answers

7

Anyone with physical access to the machine, or access to the host if the machine is virtualized, can gain access and there is absolutely nothing you can do about it. The drive, whether physical or virtual, can be cloned and installed into another machine. If desired they can make whatever changes they like and put the drive, or the clone, back where they found it.

This is why a business cannot afford to place into the hands of a hosting/co-location facility anything they don't wish to share. Of course encryption is a help but that's not the area under discussion here.

John Gardeniers
  • Technically - wrong. Bitlocker, TPM, UEFI and boot time password - have fun. Discs are encrypted, encryption is hardware locked. This is exactly made for scenarios where for example a laptop is stolen. – TomTom Jun 09 '17 at 19:54
6

The problem with your analogy is that in your case you're really worried about the hotel owner being a pedophile.
All the tape in the world won't help: they can simply keep the chaperone off the floor for a while & re-tape the door when they're done.

Instrumenting your servers is a good step to monitor against attacks, but you need to find a hosting company you trust, otherwise anything you do can be circumvented to some extent by the hosting company.

voretaq7
2

The email can be intercepted if it's sitting in their data center.

There are ways around it, but Linux has something called the atime parameter: when you mount a disk, it writes down every time someone accesses a file. Of course, this doesn't stop them from mounting it with a boot disk set to noatime. Windows probably has something similar with the same fault, but that's your best bet unless you can find a hardware solution. Maybe do that in combination with drive encryption? Or have a second server sending requests for objects off the disk and consider it a security breach when there is downtime. Have that object be reading off the access times, encrypted with a one-time pad kept only in RAM, the last hand-off in the pad feeding a new pad; the initial seeding of the first pad would have to be on site and could not be stored there. You could also just use another cryptographic approach like SSL or something, but a one-time pad is pretty hard to beat.

There are even ways around the pad idea, but that's reaching the just silly point, and if your data is valuable enough to be worth going past the just silly point, you should trust your provider. The just silly point being figuring out a way to have the drive shared with a second host without the first host's cooperation, or popping the RAM, freezing it and breaking out the electron microscope. Doing more than the email idea might even be past the just silly point.

squishy
  • I like your thinking squishy. Mainly the verifying connectivity regularly. If I checked my server's up-time every 10 seconds... it should only cost me ~1MB of bandwidth per day, plus I receive the added benefit of knowing my expensive host's real up-time percentage. Thank you. – darkAsPitch Oct 23 '11 at 07:46
2

You may create a batch file that saves the PC's uptime when it is run.

The content of the *.bat file could be something like this:

net stats svr > C:\LastUptime.txt

The result of that command is something like this:

Server Statistics for \\RPOLOPC


Statistics since 22/10/2011 10:48:53 p.m.


Sessions accepted                  1
Sessions timed-out                 0
Sessions errored-out               0

Kilobytes sent                     0
Kilobytes received                 0

Mean response time (msec)          0

System errors                      0
Permission violations              0
Password violations                0

Files accessed                     0
Communication devices accessed     0
Print jobs spooled                 0

Times buffers exhausted

  Big buffers                      0
  Request buffers                  0

The command completed successfully.

You may change the > in your script to >> if you don't want the file to be rewritten but instead appended to each time.

After you have the script, create a Basic Task using the Windows Task Scheduler to run it every time the PC starts.

Ricardo Polo Jaramillo
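An added example, not code from any poster on this page: it combines the "Statistics since" value from the `net stats svr` output above with the second-server polling idea from squishy's answer, flagging outages and counter resets in what a remote monitor recorded. The sample format, the function names and the `max_gap` threshold are assumptions made for this illustration.

```python
import re
from datetime import datetime, timedelta

# The date format is locale-dependent, so the value is compared as text.
SINCE_RE = re.compile(r"^Statistics since\s+(.+?)\s*$", re.MULTILINE)

def stats_since(net_stats_output):
    """Return the 'Statistics since' value from `net stats svr`, or None."""
    m = SINCE_RE.search(net_stats_output)
    return m.group(1) if m else None

def find_events(samples, max_gap=timedelta(seconds=30)):
    """samples: time-ordered (poll_time, stats_since or None) tuples kept on
    the monitoring host; None means the server did not answer that poll.
    Returns ("outage", last_seen, next_seen) and
    ("restart", seen_at, old_value, new_value) tuples."""
    events = []
    last_time = last_since = None
    for when, since in samples:
        if since is None:
            continue  # unanswered poll: surfaces as a gap at the next answer
        if last_time is not None:
            if when - last_time > max_gap:
                events.append(("outage", last_time, when))
            if since != last_since:
                events.append(("restart", when, last_since, since))
        last_time, last_since = when, since
    return events

# Header of the output shown in the answer above.
PAGE_OUTPUT = ("Server Statistics for \\\\RPOLOPC\r\n\r\n"
               "Statistics since 22/10/2011 10:48:53 p.m.\r\n\r\n"
               "Sessions accepted                  1\r\n")

# Constructed sample data: 10-second polls, the server silent for about
# four minutes, then answering with a new counter start time.
T0 = datetime(2011, 10, 23, 2, 0, 0)
OLD = stats_since(PAGE_OUTPUT)
NEW = "23/10/2011 02:03:41 a.m."  # constructed value
SAMPLES = (
    [(T0 + timedelta(seconds=10 * i), OLD) for i in range(3)]
    + [(T0 + timedelta(seconds=30 + 10 * i), None) for i in range(24)]
    + [(T0 + timedelta(seconds=270 + 10 * i), NEW) for i in range(3)]
)

if __name__ == "__main__":
    for event in find_events(SAMPLES):
        print(event)
```

This surfaces only outages and restarts; as MDMarra's comment points out, drives cloned one by one out of a running RAID set produce neither.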
2

Why don't you just get a locking case with a tamper switch (Dell and probably everyone else makes cases with these enabled)? Make sure your BIOS has a password set (so they can't simply PXE boot it to another OS), and you should be pretty much set.

devicenull