DaemonForums  

Go Back   DaemonForums > Miscellaneous > Off-Topic

Off-Topic Everything else.

 
 
Thread Tools Display Modes
Prev Previous Post   Next Post Next
  #1   (View Single Post)  
Old 10th June 2019
e1-531g e1-531g is offline
ISO Quartermaster
 
Join Date: Mar 2014
Posts: 571
Default Should I encrypt filesystem of my VPS server?

Hello,
I would like to know your opinion about encrypting filesystem. VPS in the Cloud (IaaS). Potentially personal and sensitive information stored in files (e-mails). I know that keys are stored in RAM. At first encryption seemed like something nonsense in that scenario, because I assumed the same threat model as for my laptop. Biggest reason to encrypt data on my laptop is possibility of physically accessing it by adversary. More specific examples: robbery with theft when I go with my laptop on street or somebody breaking in to my apartment when I leave the city for few days.
When it comes to VPSes in datacenters these risks changes: I don't think physically breaking in is that probable, but those who are there have time and knowledge to extract keys from RAM are there, so encryption is not that effective in that use case.
On the other hand I know server uses SSD (cloud provider advertises it's infrastructure that it is based on SSDs). Let's assume I trust that RAM will not be accessed by adversary from other VPS. Should I also assume that no data will be leaked via relocations done on the SSD-based storage? I fear that virtual disk will be copied to other storage, but not overwritten/deleted from the former before provisioning there other VPS of potential adversary without properly erasing it first. Or just somebody steals some unused SSD/sells them without proper erasure.
__________________
Signature: Furthermore, I consider that systemd must be destroyed.
Based on Latin oratorical phrase
Reply With Quote
 

Tags
cloud, disk encryption, iaas, vps

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Launching in 2015: A Certificate Authority to Encrypt the Entire Web J65nko News 1 18th November 2014 11:52 PM
Security DNSCrypt: a tool to encrypt all DNS traffic J65nko News 0 8th December 2011 08:13 PM
encrypt my downloads Simon General software and network 5 7th April 2010 07:41 AM
Easiest Way to Encrypt /tmp Oko OpenBSD Security 4 16th April 2009 08:13 PM
Questions about encrypt local passwords aleunix OpenBSD Security 4 2nd June 2008 02:07 PM


All times are GMT. The time now is 09:25 AM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick