Jozsi Vadkan wrote:
I want to put my server in a "server hotel".
But: I don't trust my "server hotel owner".
What can I do?

1)
Even if you encrypt the whole disk and you have a remote console available (via serial port or KVM switch), you still will have to trust your provider that he doesn't sniff that traffic.

2)
If you can't detect a reboot of your machine because the attacker has "cleaned" the logs etc., then anybody with physical access can own the machine. I'm not aware of any way to prevent this. (see also "cold boot attack", or simply creating a disk image and doing a brute force attack against the image)

3)
Your only chance might be to have a card in the machine (e.g. IBM RSA) that allows remote control. But the traffic to it will have to be encrypted (-> 1) and it has to detect if it was temporarily removed from the machine during a physical attack, and even then it needs to report this back to you. I don't know if there is any card out there that can provide this level of protection...

If you are really paranoid and the hacker type, then I guess you can hide a mobile phone inside the case, connect it via USB and have it constantly report the status (power, light sensor, GPS etc.).

In the end it is as usual a question of cost vs benefit. If your machine is *that* valuable then you shouldn't put it in an untrusted environment in the first place.

In your case I guess you should encrypt your data and have the machine email you if it reboots. Then you can log in via SSH and enter the crypto key and start the "stage 2" applications that need the encrypted data. You will have to trust your provider that he doesn't do any physical attacks (e.g. replace OS files).

kind regards,
Robert
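
The setup suggested in the last paragraph of the reply (mail on reboot, then unlock over SSH and start "stage 2"), as an added example that is not part of Robert's message. The owner address, state path, mount point and the presence of a sendmail-compatible MTA are assumptions; the boot ID file is the Linux kernel's per-boot random identifier.

```shell
#!/bin/sh
# Added example, not from the original post. Run once at boot, e.g. from a
# cron "@reboot" entry, as: reboot-notify.sh run
# Assumptions: Linux /proc, a sendmail-compatible MTA, and the placeholder
# address, state path and mount point below.
OWNER="${OWNER:-owner@example.org}"
BOOT_ID="${BOOT_ID:-/proc/sys/kernel/random/boot_id}"  # regenerated by the kernel on every boot
STATE="${STATE:-/var/lib/reboot-notify/last_boot_id}"
DATA_MNT="${DATA_MNT:-/srv/secure}"                    # mount point of the encrypted volume
MOUNTS="${MOUNTS:-/proc/mounts}"

# reboot_detected BOOT_ID_FILE STATE_FILE
# Returns 0 (and records the new ID) if the boot ID differs from the last one
# seen, 1 if it is unchanged, 2 if the boot ID cannot be read.
reboot_detected() {
    current=$(cat "$1" 2>/dev/null) || return 2
    previous=$(cat "$2" 2>/dev/null || true)
    if [ "$current" = "$previous" ]; then return 1; fi
    mkdir -p "$(dirname "$2")" && printf '%s\n' "$current" > "$2"
}

# volume_mounted MOUNT_POINT MOUNTS_TABLE
# Returns 0 only if something is mounted exactly at MOUNT_POINT.
volume_mounted() {
    awk -v mp="$1" '$2 == mp { found = 1 } END { exit !found }' "$2"
}

# start_stage2 CMD [ARGS...]
# Runs the "stage 2" command only once the encrypted volume is unlocked and
# mounted, so it never starts against the empty directory underneath.
start_stage2() {
    if ! volume_mounted "$DATA_MNT" "$MOUNTS"; then
        echo "refusing to start stage 2: $DATA_MNT is not mounted" >&2
        return 1
    fi
    "$@"
}

notify_owner() {
    if volume_mounted "$DATA_MNT" "$MOUNTS"; then vol=mounted; else vol=locked; fi
    {
        printf 'To: %s\nSubject: %s booted\n\n' "$OWNER" "$(hostname)"
        printf 'New boot ID %s at %s.\n' "$(cat "$BOOT_ID")" "$(date -u)"
        printf 'Encrypted volume at %s is %s.\n' "$DATA_MNT" "$vol"
    } | /usr/sbin/sendmail -t
}

if [ "${1:-}" = "run" ]; then
    if reboot_detected "$BOOT_ID" "$STATE"; then notify_owner; fi
fi
```

A mail that reports the volume as already mounted right after boot is itself a signal worth investigating, since the key is only ever entered by hand over SSH.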
