-5

Since hosting providers are constantly under attack from hackers, encryption of the entire file system (the entire server) with tools like www.truecrypt.org seems like an absolute must to me, if you care about your users.

Now, attacks are becoming more sophisticated and hosters should, by default, never be trusted.

It is my understanding that system-wide encryption is not a solution to attacks that happen inside the RAM.

What do you suggest as the best counter-measure to in-RAM attacks?

voretaq7
TomDogg
  • This is like asking whether it makes sense to weld a server closed and put some C4 into it in case the technician at the data center wants to open it - over the top. Encrypting file system - ok. TPM - ok. In memory attacks? Get a properly protected server, and firewalls, and be happy. – TomTom Jun 15 '13 at 10:37
  • @TomTom - Thanks. Here's the incident that got me worried: "The malicious code used in the "backdoor" exclusively infects the RAM. First analysis suggests that the malicious code directly infiltrates running Apache and sshd processes. Here, the infection neither modifies the binaries of the service which has been compromised, nor does it restart the service which has been affected." It's a recent attack on a big hoster, read the 1st comment: https://news.ycombinator.com/item?id=5833181 I'm not sure that I should not worry about hackers extracting databases in automated ways with big hosters. – TomDogg Jun 15 '13 at 10:45
  • This is where UEFI boot and TPM comes into hand. Signed drivers. Make sure the OS is intact - or do not boot it. Once the OS is active, that is it - processes are isolated. Programs never run in ring 0 unless digitally signed. – TomTom Jun 15 '13 at 14:21

1 Answer

4

Stronger process-/domain-based rule systems such as SELinux.

Ignacio Vazquez-Abrams
  • Even SELinux won't defend against a well-executed in-memory attack (though it will certainly stop the sloppy ones). If you can't trust your memory/running programs to be free of malicious intent you're pretty well past the point where you can salvage it with software solutions. – voretaq7 Jun 17 '13 at 19:04