DaemonForums  

#1
10th June 2019
e1-531g (ISO Quartermaster)
Should I encrypt filesystem of my VPS server?

Hello,
I would like to know your opinion about encrypting a filesystem. VPS in the Cloud (IaaS). Potentially personal and sensitive information stored in files (e-mails). I know that keys are stored in RAM. At first encryption seemed like nonsense in that scenario, because I assumed the same threat model as for my laptop. The biggest reason to encrypt data on my laptop is the possibility of an adversary physically accessing it. More specific examples: robbery with theft when I go with my laptop on the street, or somebody breaking into my apartment when I leave the city for a few days.
When it comes to VPSes in datacenters these risks change: I don't think physically breaking in is that probable, but those who are there have the time and knowledge to extract keys from RAM, so encryption is not that effective in that use case.
On the other hand, I know the server uses SSDs (the cloud provider advertises that its infrastructure is based on SSDs). Let's assume I trust that RAM will not be accessed by an adversary from another VPS. Should I also assume that no data will be leaked via relocations done on the SSD-based storage? I fear that the virtual disk will be copied to other storage, but not overwritten/deleted from the former before another VPS, belonging to a potential adversary, is provisioned there without properly erasing it first. Or somebody just steals some unused SSDs or sells them without proper erasure.
__________________
Signature: Furthermore, I consider that systemd must be destroyed.
Based on Latin oratorical phrase
#2
10th June 2019
jggimi (More noise than signal)

I have a couple of VPSes, and I do not bother using encrypted storage. I could say it does not seem to me to add benefit for the intra-VPS threat model, nor the threat model from the hosting service provider. Of course, I could be wrong.
#3
11th June 2019
e1-531g (ISO Quartermaster)

Quote:
Originally Posted by jggimi
I have a couple of VPSes, and I do not bother using encrypted storage. I could say it does not seem to me to add benefit for the intra-VPS threat model, nor the threat model from the hosting service provider. Of course, I could be wrong.

Do you have any database installed on any VPS? Do you use built-in database encryption methods? It may be the whole database or a particular column of some table.
#4
11th June 2019
jggimi (More noise than signal)

At the moment, no, but I was running MariaDB on a VPS until recently, and may do so again in the future. No database encryption, access was via TCP socket.
Tags
cloud, disk encryption, iaas, vps
