|
|||
Should I encrypt filesystem of my VPS server?
Hello,
I would like to know your opinion about encrypting filesystem. VPS in the Cloud (IaaS). Potentially personal and sensitive information stored in files (e-mails). I know that keys are stored in RAM. At first encryption seemed like something nonsense in that scenario, because I assumed the same threat model as for my laptop. Biggest reason to encrypt data on my laptop is possibility of physically accessing it by adversary. More specific examples: robbery with theft when I go with my laptop on street or somebody breaking in to my apartment when I leave the city for few days. When it comes to VPSes in datacenters these risks changes: I don't think physically breaking in is that probable, but those who are there have time and knowledge to extract keys from RAM are there, so encryption is not that effective in that use case. On the other hand I know server uses SSD (cloud provider advertises it's infrastructure that it is based on SSDs). Let's assume I trust that RAM will not be accessed by adversary from other VPS. Should I also assume that no data will be leaked via relocations done on the SSD-based storage? I fear that virtual disk will be copied to other storage, but not overwritten/deleted from the former before provisioning there other VPS of potential adversary without properly erasing it first. Or just somebody steals some unused SSD/sells them without proper erasure.
__________________
Signature: Furthermore, I consider that systemd must be destroyed. Based on Latin oratorical phrase |
|
|||
Do you have any database installed on any VPS? Do you use built-in database encryption methods? It may be whole database or particular column of some table.
__________________
Signature: Furthermore, I consider that systemd must be destroyed. Based on Latin oratorical phrase |
Tags |
cloud, disk encryption, iaas, vps |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
Launching in 2015: A Certificate Authority to Encrypt the Entire Web | J65nko | News | 1 | 18th November 2014 11:52 PM |
Security DNSCrypt: a tool to encrypt all DNS traffic | J65nko | News | 0 | 8th December 2011 08:13 PM |
encrypt my downloads | Simon | General software and network | 5 | 7th April 2010 07:41 AM |
Easiest Way to Encrypt /tmp | Oko | OpenBSD Security | 4 | 16th April 2009 08:13 PM |
Questions about encrypt local passwords | aleunix | OpenBSD Security | 4 | 2nd June 2008 02:07 PM |