On Sat, 29 Feb 2020 at 13:22, H agents@meddatainc.com wrote:
On 02/25/2020 12:44 AM, H wrote:
On 02/24/2020 05:02 PM, Valeri Galtsev wrote:
On 2020-02-24 15:57, H wrote:
On 02/24/2020 12:42 PM, Roberto Ragusa wrote:
On 2020-02-24 14:37, lejeczek via CentOS wrote:
On 24/02/2020 10:26, Roberto Ragusa wrote: > On 2020-02-24 10:51, lejeczek via CentOS wrote: >> g) remember!! still at least (depending how you mount it) >> the 'root' will have access to that data while mounted, >> obviously! > More than that: the root user will be able to access data > in the future too, since it can steal the key > while the data is mounted. > > Regards. > With a passphare only?
Attackers don't need the passphrase, they can use the real key used for encryption (dmsetup table).
Regards.
So the final word seems to be that even if I create this
LUKS-encrypted loop-back file and only mount it when needed, immediately un-mount when no longer needed, a root user can access this encrypted file system while it is mounted, and perhaps more importantly, even when it is not mounted since they can get the key as described above?
My reputable VPS hosting provider in Europe of course outsources some
of the support to other countries. While I have no immediate suspicion that they access files on my VPS, I also have no way of finding out, nor of protecting myself - apart from not putting "sensitive" files on the VPS or encrypting files before uploading them.
If I upgrade to a dedicated server I expect that I will be the root
user but will the hosting company still have access to my server?
Whoever has physical access to the machine can have everything. In the
past I was phrasing it "nothing can stop the guy with the screwdriver". Do not take the screwdriver literally, of course.
Valeri
Well, the scenario with a screw driver I can live with but not other
types of access...
I spoke with my hosting company where I also have a Hosted VMWare server running CentOS 7.
The person I spoke with said that if I change the root password, this would prevent any support person from logging in. I, as the root, would be the only one (assuming, of course, they have not created any other users). Were I to need support in the future, I would have to give it to them since they would otherwise not be able to log in. I presume I can already look at the logs to seen when and from where the root user have logged in.
They also claimed, which I have yet to understand what she meant, that even if they have the root password I can protect directories and their contents. I did not understand what she meant and she could not give me any further information.
Does anyone understand what she might refer to?
It really depends on a lot of definitions of 'protect' and other things. If you were to encrypt a partition and only allow it to be unencrypted with your typing a password then it would be protected from them viewing it while it is 'resting'. However you would need to encrypt/unencrypt whenever you needed it to make sure that the window they could see it was small.
In the end, the more layers that a provider is giving you, the more you are having to implicitly trust them. At the lowest layer, if you have a physical server, you are trusting them to not physically mess with the hardware while you aren't in control of it. You also have to trust them at the network layer to a certain extent (they aren't putting in bogon routes, etc etc). The next layer is where you rent the hardware from them. They gain more control to fix things, but you have to trust that the hardware is sound. Next comes the cloud layers where you are going to have to trust that they aren't mounting your partitions or messing with the ring -1 layer to see what you are doing. Finally you have the 'container' level where you have to trust them on everything from the 10k other containers they have to what those containers can see.
The issue will come in on how much money you are willing to save for that cost.. and where the vendor is going to try and make extra money by snooping in on things. They might just do it with DNS mining on their network dns that they hand off to some data-vendor. They might do it in other places. If you are getting too much for too cheap.. you have become the product somewhere.