Commonly in a VPS environment you have access only inside the VM. I can't
see any way to access BIOS.

Regards,

Fernando Mercês
Linux Registered User #432779
www.mentebinaria.com.br
------------------------------------
"No one can be a slave to their identity; when a possibility of change
arises, one must change". (Elliot Gould)


On Tue, Mar 6, 2012 at 9:03 AM, shthead <li...@shthead.com> wrote:

>  On 6/03/2012 7:56 AM, Stayvoid wrote:
> > Hello.
> >
> > "Before you install any operating system on your computer, set up a
> > BIOS password. After installation (once you have enabled bootup from
> > the hard disk) you should go back to the BIOS and change the boot
> > sequence to disable booting from floppy, CD-ROM and other devices that
> > shouldn't boot. Otherwise a cracker only needs physical access and a
> > boot disk to access your entire system." [1]
> > Is there a way to prevent such actions while using a VPS?
> >
> > [1] http://www.debian.org/doc/manuals/securing-debian-howto/ch3.en.html
> >
> > Cheers
> >
> >
> I'm probably going to say no but my experience with virtualisation has only
> been with ESX/vSphere, OpenVZ and Virtuozzo (OpenVZ and Virtuozzo are very
> similar). Do you have any particular virtualisation software in mind?
>
> With ESX/vSphere anyone with the appropriate permissions is able to force
> the VM into booting into the BIOS. This would be my preferred option - with
> an encrypted file system it should be pretty safe as the VM would need to
> be rebooted to change the root pass to get access from the console. It
> would give the server admin root access to the server but as long as your
> data is encrypted in a secure manner it won't be easy to get it out even if
> the disk is just mounted on another VM to browse around without changing
> passwords.
>
> With OpenVZ and Virtuozzo you are able to enter the containers from the
> hardware node and get root access ('vzctl enter id'). I can't remember if
> this logged anything inside the container showing that the administrator
> did this. The admin can also just browse the files directly off the
> hardware node without "entering" the container. I don't think you can do
> much to prevent this at all. I generally stay away from paravirtualisation
> products for anything too important with this being one of the reasons.
>
> What level of security do you want to achieve at the end of the day? It
> may turn out that going onto a shared platform out of your control isn't
> the best option.
>
>
