Is it feasible to remotely encrypt the hard drive of a virtual server (VPS, cloud server like EC2)? This would help to protect the contents of the hard drive from snooping by the host or as a result of a security hole, but has some issues:

  • The password has to be entered on startup. Remotely, is this even possible?
  • Could the host simply snoop on the password as it is entered?
  • Do VPSes provide block-level access to the machine, or just file-level? Is encryption even possible?
  • The host (or a judge/policeman/man-with-a-gun telling them what to do) is ultimately in control of the hardware; could they simply examine the memory as the machine runs (similar to a cold boot attack without powering off the machine)?

With these concerns in mind, is encrypting a server with sensitive data simply security theatre, or can it provide real security over an unencrypted drive?

Tom Marthenal
  • "How long is a piece of string?" – EEAA Jul 17 '12 at 03:32
  • I did not downvote; however, this is somewhat analogous to asking "should I buy a truck or a car?" We don't know why you want to encrypt, what your system IO performance requirements are, or any of the other random environmental factors unique to your situation that contribute – Mike Pennington Jul 17 '12 at 03:36
  • @ErikA it's a question that does not have one definite answer, but what's wrong with nuanced answers that address particular cases? – Tom Marthenal Jul 17 '12 at 03:36
  • It's completely subjective. SF exists to collect and facilitate questions that have objective answers - it's not a discussion forum. There's nothing wrong with this topic per se, and I could see it being a very interesting conversation on say, a listserv or forum. It's just not appropriate for this venue. – EEAA Jul 17 '12 at 03:38
  • @ErikA someone can say that telnet is preferable to SSH because we should trust our ISP and not worry about encryption. Would a question about the necessities of SSH in an internet environment be subjective? This is a technical question; I can see, however, the confusion. My main concern is if it is possible to remotely encrypt a disk, and what things need to be taken into account with remote disk encryption. I will edit the question to clarify. – Tom Marthenal Jul 17 '12 at 03:40
  • Yes, surely it's possible. Questions about the mechanics of doing that are a completely different tack than "should I do X" or "is X recommended". – EEAA Jul 17 '12 at 03:41
  • @ErikA, you're right that "recommended" was too broad. I will edit the question to clarify the specific concerns I have. – Tom Marthenal Jul 17 '12 at 03:42
  • Right on. I look forward to seeing your shiny new question and (hopefully) some good answers. Unfortunately I have an EC2 cluster to bring up this evening, so I won't have time to answer myself. – EEAA Jul 17 '12 at 03:45
  • @ErikA is the edited question any better? I tried to make it more specific; if there is anything else I can do to improve it, please let me know. – Tom Marthenal Jul 17 '12 at 03:47
  • It's much better. I've reversed my downvote. I should say, though, that many of your questions are very host-specific, so I'm not sure if you'll get many great answers. – EEAA Jul 17 '12 at 03:49
  • @ErikA maybe this question would be better off focusing more on the security issues and to be posted instead on security.SE? Good luck on your EC2 cluster, by the way. – Tom Marthenal Jul 17 '12 at 03:52
  • If you are that worried about security and encryption, you need to look at your business and ask if that is right for "hosted services"; if you're that worried, self-host. – Zapto Jul 17 '12 at 05:59
  • Why was this question closed? I believe I addressed the issue of it being overly ambiguous and vague/broad. See [my edit](http://serverfault.com/posts/408365/revisions). – Tom Marthenal Jul 17 '12 at 19:16

2 Answers

The password has to be entered on startup. Remotely, is this even possible?

Sure, if you have some sort of console over IP (e.g. Linode's console).

Could the host simply snoop on the password as it is entered?

Well, yes.

Do VPSes provide block-level access to the machine, or just file-level? Is encryption even possible?

The OS requires block-level access, even if it's only virtualized.

The host (or a judge/policeman/man-with-a-gun telling them what to do) is ultimately in control of the hardware; could they simply examine the memory as the machine runs (similar to a cold boot attack without powering off the machine)?

Sure. It's very feasible to suspend a guest to disk and then pick through it with a hex editor afterwards.

With these concerns in mind, is encrypting a server with sensitive data simply security theatre, or can it provide real security over an unencrypted drive?

It makes some sense if you have control over the hardware; when someone else controls the hardware there's little point in it unless you trust that the host doesn't really want to look at it (since they could easily buy the proper expertise if they really wanted to).

Ignacio Vazquez-Abrams

Yes, of course, but you need enough CPU quota to handle the I/O, you will have plenty of overhead, and your RAM can still be dumped from the host machine.

If you host sensitive information there, e.g. keys, then in case the VPS company is hacked and they gain access to the host machine, or to your account, they can dump the image, but cannot mount it. Also, for dumping RAM they would have to breach the host machine, which is beyond the control panel and image access.

So yes, the encryption protects your VPS / Cloud image to some reasonable degree, in the sense that in case of a control panel breach, or a breach of your VPS account, they won't be able to access your data.

You would still have to enter the password during boot, and you would somehow have to be sure that you run an unmodified kernel during this, as they can mount your /boot. But still, you would notice, as the machine would have to be prematurely shut down, so if you handle startups properly it should be no problem.

Andrew Smith
  • "... and they gain access to the host machine ..." "... they would have to breach the host machine ..." Which one is it? – Ignacio Vazquez-Abrams Jul 17 '12 at 07:35
  • This is the machine on which the VPS is installed, e.g. the physical machine. Access to this machine is not granted by the web panel you and the VPS provider support usually have access to, and would still not grant perfect access to your data, but only to your RAM at any given moment. So if somebody hacks e.g. your email, he won't download your image via the cloud provider; still, any kernel exploit can do the job too, but for VPS / Cloud, encryption is better than nothing. I am just installing one set so I'll encrypt the sensitive ones too. I use stock CentOS. – Andrew Smith Jul 17 '12 at 07:39
  • It's like Host is the bare-metal and Guest is your VPS instance. – Andrew Smith Jul 17 '12 at 07:39
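The second answer's caveat is that the host can mount and alter the unencrypted /boot (kernel, initramfs, bootloader config) while the encrypted root stays sealed, and that the tenant has to notice. The script below is an added example, not code from this thread or from any of its authors: it records SHA-256 hashes of every file under /boot into a manifest that lives on the encrypted root, and after each unlock compares the current /boot against it. The directory and manifest paths are parameters, and the use of GNU coreutils/findutils (sha256sum, find -print0, sort -z, xargs -0) is an assumption.

```shell
#!/bin/sh
# Added example, not from the thread: detect changes to the unencrypted /boot
# (kernel, initramfs, bootloader config) that the host could make while the
# encrypted root is sealed. Keep the manifest on the encrypted root.
# Assumes GNU coreutils/findutils (sha256sum, find -print0, sort -z, xargs -0).

# boot_manifest DIR OUT: write one "sha256  ./path" line per regular file under DIR.
boot_manifest() {
    dir=$1
    out=$2
    (cd "$dir" && find . -type f -print0 | sort -z | xargs -0r sha256sum) > "$out"
}

# boot_verify DIR MANIFEST: return 0 only if DIR matches MANIFEST exactly, so
# a changed, removed or added file all count as tampering. The diff is written
# to stderr for the operator.
boot_verify() {
    dir=$1
    manifest=$2
    current=$(mktemp) || return 1
    boot_manifest "$dir" "$current"
    if diff -u "$manifest" "$current" >&2; then
        rm -f "$current"
        return 0
    fi
    rm -f "$current"
    return 1
}

# Typical use: run `boot_manifest /boot /root/boot.sha256` once on a system you
# trust, then `boot_verify /boot /root/boot.sha256` after every unlock.
```

A check that runs from inside the guest cannot catch an initramfs that was swapped before the passphrase was typed, so a mismatch is after-the-fact evidence, which is exactly the "you would notice" detection the answer describes.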