Hello Chris,

There is something extremely weird going on around lately. People easily take offense where no offense was intended (and hard to find anyway). Nick was just telling you that (in his expert opinion) you shouldn't worry much about "Meltdown, Spectre, insecure motherboard chips", but concentrate on the real security instead. Unfortunately the real security takes years of learning and experience, and can't be "advised" in a couple of emails, but he provided a lot of valuable (and valid) information (which you were not ready to digest, I guess). If you are allowing arbitrary code to run on your server you are screwed with or without Spectre; otherwise there is nothing to spy on you on that server (even if it's technically possible). If (any) government agency really wants to access your server, you are writing to the wrong list; otherwise government-installed spying chips (if any) won't really hurt you. On the other hand, crapware (like Superfish) might.
BTW, your boss doesn't need to be stupid to compromise your password (or keys), just a "normal" human. Security isn't grokkable by "normal" people.

Tuesday, November 20, 2018, 2:11:52 PM, you wrote:

CB> On Tue, Nov 20, 2018 at 02:24:55PM -0500, Nick Holland wrote:
>> On 11/20/18 11:43, Chris Bennett wrote:
>> > I am almost certainly going to be replacing with a new server for an
>> > organization I am a member of.
>> > With all of this mess with Meltdown, Spectre, insecure motherboard
>> > chips, etc.
>> > I am pretty clueless on exactly what is going to be a secure set of
>> > server hardware.
>> > Intel, well no.
>> > AMD? I have read about problems with non-CPU chips being compromised.
>> > Another architecture? I have never used anything other than Intel/AMD.
>> >
>> > The server will run httpd, mailserver, PostgreSQL and somehow a good way
>> > for well encrypted messaging at times.
>>
>> all on one server?
>>
>> And as someone who has run a number of mail servers for a number of
>> companies ... don't. Just don't. Running your own mail server is a
>> good way to accomplish nothing except wasting a lot of time and making
>> people hate you.
>>
CB> The mail server is ONLY intended for members of the organization.
CB> You would have me use gmail or yahoo?
CB> The organization is suing another group for slander.

>> > It is very likely to run out of Austin, Texas.
>> > I think that having a direct connection would be best, but would a
>> > proper setup make colocation OK?
>>
>> You are using poorly defined buzzwords. What you mean by a "direct
>> connection", "proper setup", "colocation" and what I mean are likely
>> very different.
>>
CB> Well, then tell me some useful information. Correct my idiotic
CB> buzzwords. It was carefully noted in my message that I am facing new
CB> territory and need some advice.

>> > This isn't going to be my server, I will just be in charge. That's
>> > completely new for me.
>> > Any advice is really welcome, everywhere I read anything, hardware seems
>> > broken and insecure.
>>
>> Pretty much all new HW is optimized in ways that we are now learning
>> (and has been known for a long time) introduce security problems.
>> However, most of the problems boil down to having malicious software
>> running in the control of someone else on the same physical machine YOUR
>> code is running on.
>>
>> In short: No news. Really.
>>
>> If someone that wanted to do you evil lived in the same house as you,
>> you would not be comfortable, right? What if you put up walls
>> (virtualization) that have proven to be about as robust as paper?
>> That make you feel any better? Probably not. Virtualization has been
>> proven -- over and over -- not terribly secure. Now we got
>> cross-virtualization platforms ways of stealing data from other
>> processes. Important? yes. But in the big picture, it's similar to Yet
>> Another buffer overflow.
>>
CB> To be quite frank, and I don't mean anything negative to others using
CB> virtualization, you couldn't pay me to even consider using something
CB> that idiotic for trying to make a "secure" setup. And using the "clouds",
CB> to me, is getting just a little bit too "high".

>> So...split your tasks on different physical systems as much as possible.
>> If your webserver is serving static pages, it's probably pretty robust.
>> If it's running Wordpress or any other "any idiot can manage the web
>> page" apps or dynamic web pages for other reasons, it should be a
>> machine of its own and have no other important data on it.

CB> Yes, using that idiotic Wordpress crap is exactly one of many problems I
CB> am going to immediately fix. Whoever is in charge can't even make that
CB> work!

>> Your primary goal should be to keep the bad guys off your computer in
>> every sense. And again...nothing new here.
>>
>> But if security is your concern, you want real hw you control in every
>> sense.
>>
CB> Which is exactly what my silly buzzwords were trying to get a point of
CB> view on. I already assumed that having sole physical control was
CB> essential. But questions not asked are never answered.

>> Unfortunately, if you have performance requirements, your choices are
>> AMD and Intel. Older Intel and AMD chips aren't getting any support to
>> deal with these problems, so your choices are incredibly old chips which
>> are probably not in the most reliable hardware, and a whole bunch of
>> other old, unreliable, and slow hardware platforms. But be realistic.
>> Your bosses will probably mandate a VM on someone else's hw, a wordpress
>> website, one box for everything, and that you give him the root password
>> which he'll e-mail to himself to keep it "secure". Your most likely
>> breach points will be an easily guessed password (usually, a manager's),
>> a bug in a web content management system, or someone believing that
>> "secure e-mail" is a thing. In other words, Same Old Shit. It probably
>> won't be breached by a Spectre or Meltdown-like attack. But it MIGHT
>> be. Obsessing about them is generally missing the real day-to-day risks.
>>
CB> Does no one at all use OpenBSD for anything but making money or looking
CB> cool?
CB> Does no one at all do any kind of work for charity?
CB> Is there some virus going around that makes everyone so hostile?
CB> Why assume that I have some idiotic boss that wants to fuck things up?
CB> Did it ever occur to you that I might be doing this work for free?
CB> Did it ever occur to you that the organization might be doing major
CB> disaster relief from all of the recent hurricanes devastating the
CB> Southern US? That they might be helping to protect first responders
CB> doing wellness checks on homes? That they might be stopping homes and
CB> businesses from being looted?
CB> That the primary members of the organization are law enforcement,
CB> paramedics and veterans?
CB> But hey, if I can't fill up my bank account, I guess the usage of
CB> OpenBSD is discouraged.

--
Best regards,
Boris mailto:psi...@prodigy.net