View Single Post
  #1   (View Single Post)  
Old 10th June 2019
e1-531g e1-531g is offline
ISO Quartermaster
Join Date: Mar 2014
Posts: 596
Default Should I encrypt filesystem of my VPS server?

I would like to know your opinion about encrypting filesystem. VPS in the Cloud (IaaS). Potentially personal and sensitive information stored in files (e-mails). I know that keys are stored in RAM. At first encryption seemed like something nonsense in that scenario, because I assumed the same threat model as for my laptop. Biggest reason to encrypt data on my laptop is possibility of physically accessing it by adversary. More specific examples: robbery with theft when I go with my laptop on street or somebody breaking in to my apartment when I leave the city for few days.
When it comes to VPSes in datacenters these risks changes: I don't think physically breaking in is that probable, but those who are there have time and knowledge to extract keys from RAM are there, so encryption is not that effective in that use case.
On the other hand I know server uses SSD (cloud provider advertises it's infrastructure that it is based on SSDs). Let's assume I trust that RAM will not be accessed by adversary from other VPS. Should I also assume that no data will be leaked via relocations done on the SSD-based storage? I fear that virtual disk will be copied to other storage, but not overwritten/deleted from the former before provisioning there other VPS of potential adversary without properly erasing it first. Or just somebody steals some unused SSD/sells them without proper erasure.
Signature: Furthermore, I consider that systemd must be destroyed.
Based on Latin oratorical phrase
Reply With Quote