[CentOS] Encrypted container on CentOS VPS

Sat Feb 29 18:37:58 UTC 2020
Stephen John Smoogen <smooge at gmail.com>

On Sat, 29 Feb 2020 at 13:22, H <agents at meddatainc.com> wrote:

> On 02/25/2020 12:44 AM, H wrote:
> > On 02/24/2020 05:02 PM, Valeri Galtsev wrote:
> >>
> >> On 2020-02-24 15:57, H wrote:
> >>> On 02/24/2020 12:42 PM, Roberto Ragusa wrote:
> >>>> On 2020-02-24 14:37, lejeczek via CentOS wrote:
> >>>>>
> >>>>> On 24/02/2020 10:26, Roberto Ragusa wrote:
> >>>>>> On 2020-02-24 10:51, lejeczek via CentOS wrote:
> >>>>>>> g) remember!! still at least (depending how you mount it)
> >>>>>>> the 'root' will have access to that data while mounted,
> >>>>>>> obviously!
> >>>>>> More than that: the root user will be able to access data
> >>>>>> in the future too, since it can steal the key
> >>>>>> while the data is mounted.
> >>>>>>
> >>>>>> Regards.
> >>>>>>
> >>>>> With a passphrase only?
> >>>> Attackers don't need the passphrase, they can use the
> >>>> real key used for encryption (dmsetup table).
> >>>>
> >>>> Regards.
> >>>>
> >>> So the final word seems to be that even if I create this
> >>> LUKS-encrypted loop-back file and only mount it when needed,
> >>> immediately un-mount when no longer needed, a root user can access
> >>> this encrypted file system while it is mounted, and perhaps more
> >>> importantly, even when it is not mounted since they can get the key
> >>> as described above?
> >>>
> >>> My reputable VPS hosting provider in Europe of course outsources
> >>> some of the support to other countries. While I have no immediate
> >>> suspicion that they access files on my VPS, I also have no way of
> >>> finding out, nor of protecting myself - apart from not putting
> >>> "sensitive" files on the VPS or encrypting files before uploading
> >>> them.
> >>>
> >>> If I upgrade to a dedicated server I expect that I will be the
> >>> root user but will the hosting company still have access to my
> >>> server?
> >>>
> >> Whoever has physical access to the machine can have everything. In
> >> the past I was phrasing it "nothing can stop the guy with the
> >> screwdriver". Do not take the screwdriver literally, of course.
> >>
> >> Valeri
> >>
> > Well, the scenario with a screwdriver I can live with but not other
> > types of access...
> >
> I spoke with my hosting company where I also have a Hosted VMWare server
> running CentOS 7.
>
> The person I spoke with said that if I change the root password, this
> would prevent any support person from logging in. I, as the root, would be
> the only one (assuming, of course, they have not created any other users).
> Were I to need support in the future, I would have to give it to them since
> they would otherwise not be able to log in. I presume I can already look at
> the logs to see when and from where the root user has logged in.
>
> They also claimed, which I have yet to understand what she meant, that
> even if they have the root password I can protect directories and their
> contents. I did not understand what she meant and she could not give me any
> further information.
>
> Does anyone understand what she might refer to?
>


It really depends on a lot of definitions of 'protect' and other things. If
you were to encrypt a partition and only allow it to be unencrypted with
your typing a password then it would be protected from them viewing it
while it is 'resting'. However you would need to encrypt/unencrypt whenever
you needed it to make sure that the window they could see it was small.

In the end, the more layers that a provider is giving you, the more you are
having to implicitly trust them. At the lowest layer, if you have a
physical server, you are trusting them to not physically mess with the
hardware while you aren't in control of it. You also have to trust them at
the network layer to a certain extent (they aren't putting in bogon routes,
etc etc). The next layer is where you rent the hardware from them. They
gain more control to fix things, but you have to trust that the hardware is
sound. Next comes the cloud layers where you are going to have to trust
that they aren't mounting your partitions or messing with the ring -1 layer
to see what you are doing. Finally you have the 'container' level where you
have to trust them on everything from the 10k other containers they have to
what those containers can see.

The issue will come in on how much money you are willing to save for that
cost... and where the vendor is going to try and make extra money by
snooping in on things. They might just do it with DNS mining on their
network DNS that they hand off to some data-vendor. They might do it in
other places. If you are getting too much for too cheap... you have become
the product somewhere.

-- 
Stephen J Smoogen.