Re: Dedicated server vs. VPS
Hi,

This should probably be discussed off-list, anyway - the one that has the most dedicated resources and has the best security policy.

Generally when it comes to keeping the kernel/system tools updated it's all about your own OS since it's usually independent from the hostnode. Except the kernel in the OpenVZ case, where the provider is responsible for keeping the kernel up to date. There will always be undiscovered holes in the kernel and/or toolchain but a hoster that does not put their hardware nodes on the internet is one step closer to good security.

There is no way you can restrict a hoster's access to your VPS, that's basically true for DS as well if you have the root-password in some sort of control-panel or if the support has it for some reason.

Basically, depending on what type of security you really want, both are as secure as you make them - or as the provider makes them. There will always be a risk of getting owned.

//T

On Mon, March 5, 2012 00:28, Stayvoid wrote:
> Hello!
>
> Which one is more secure?
> VPS is usually cheaper than DS so I don't really want to pay extra money for nothing.
> I also want to restrict hoster's access to my machine. Is it possible with VPS?
>
> There was an accident with Linode. [1]
> An intruder accessed one of Linode's services and customers' machines as well.
>
> [1] http://status.linode.com/2012/03/manager-security-incident.html
>
> Cheers

-- 
Timh

-- 
To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/52b255c8764375abcd897d1a6f58cf8e.squir...@webmail.shiwebs.net
Re: Dedicated server vs. VPS
On Mon, Mar 5, 2012 at 2:59 AM, Timh B t...@shiwebs.net wrote:
> Hi,
>
> This should probably be discussed off-list, anyway - the one that has the most dedicated resources and has the best security policy.
>
> Generally when it comes to keeping the kernel/system tools updated it's all about your own OS since it's usually independent from the hostnode. Except the kernel in the OpenVZ case, where the provider is responsible for keeping the kernel up to date. There will always be undiscovered holes in the kernel and/or toolchain but a hoster that does not put their hardware nodes on the internet is one step closer to good security.

OpenVZ has nothing to do with it, all of them have that ability so specifically mentioning OpenVZ when Xen is like that and so is VMware (to an extent I guess) is absolutely pointless. It's up to the provider to decide what type of VM you have, and the fact is that most of them chose not to give you access to the kernel because most of them know how many unknown exploits there are, and keeping the kernel out of the VM space prevents kernel exploits (to a certain extent) but good providers give you the ability to select your kernel or kick it into a mode that allows you to use your own kernel.

> There is no way you can restrict a hoster's access to your VPS, that's basically true for DS as well if you have the root-password in some sort of control-panel or if the support has it for some reason.

This is not true in any case, including a dedicated server. It takes but a minute and your drive to get access to your server, root password or not, adjusted grub bootloader or not. Saved in a control panel or not. This is a quite talked about subject when it comes to Linux, but it's not really a security problem for the most part unless you plan to get a laptop stolen or something, but there are clear ways to fix that problem. Unless that entire drive is encrypted and requires the password to even boot they can get into it anytime they want.

Dedicated servers are no more secure than VMs when it comes to this. It does however make them harder to manage and recover in user error since they don't attach a TTY.
Re: Dedicated server vs. VPS
On 05/03/12 10:30, Bedwell, Jordon wrote:
> This is not true in any case, including a dedicated server. It takes but a minute and your drive to get access to your server, root password or not, adjusted grub bootloader or not. Saved in a control panel or not. This is a quite talked about subject when it comes to Linux, but it's not really a security problem for the most part unless you plan to get a laptop stolen or something, but there are clear ways to fix that problem. Unless that entire drive is encrypted and requires the password to even boot they can get into it anytime they want.
>
> Dedicated servers are no more secure than VMs when it comes to this. It does however make them harder to manage and recover in user error since they don't attach a TTY.

I think that a dedicated server is far more secure than a VPS if you encrypt the drive.

In a dedicated server you can encrypt the whole hard drive [1] and nobody would be able to access it. A successful cold boot attack would require physical access to the server.

On a VPS it doesn't matter if you encrypt the disk, since the master has access to the guest's RAM and therefore an attacker that has compromised the master can extract the key easily from there.

Regards!

[1] http://blog.neutrino.es/2011/unlocking-a-luks-encrypted-root-partition-remotely-via-ssh/

-- 
Carlos Alberto Lopez Perez http://neutrino.es
Igalia - Free Software Engineering http://www.igalia.com
Re: Dedicated server vs. VPS
> I think that a dedicated server is far more secure than a VPS if you encrypt the drive.

I don't think that I can encrypt it. I want to use that machine for MTA and a web server.
Re: Dedicated server vs. VPS
> I don't think that I can encrypt it. I want to use that machine for MTA and a web server.

Why? Where is the connection between no encryption and the use as an MTA and web server?
Re: Dedicated server vs. VPS
> Why? Where is the connection between no encryption and the use as an MTA and web server?

I don't know really. I've thought that data should be available. Tell me more about it.
Dedicated server vs. VPS
Hello!

Which one is more secure?
VPS is usually cheaper than DS so I don't really want to pay extra money for nothing.
I also want to restrict hoster's access to my machine. Is it possible with VPS?

There was an accident with Linode. [1]
An intruder accessed one of Linode's services and customers' machines as well.

[1] http://status.linode.com/2012/03/manager-security-incident.html

Cheers
Re: Dedicated server vs. VPS
On Mon, 5 Mar 2012, Stayvoid stayv...@gmail.com wrote:
> Which one is more secure?

The one that is run by the most skilled people who devote the most resources to making it secure.

But this is nothing to do with the debian-security list.

-- 
My Main Blog http://etbe.coker.com.au/
My Documents Blog http://doc.coker.com.au/