Lots of people wrote: <snip various comments about physical access>
I've said this before in different contexts; it bears saying again. I work for the UK's largest dedicated hosting company (don't worry about the semantics; yes Verio/WorldCom/Planet/etc have a larger hosting presence than us but they do other things too). We host several thousand RaQs, Windows machines, Linux boxes of all shapes and sizes, Sun boxes, BSD, yadda yadda yadda. One of the reasons we are where we are is that the staff here do not go faffing about with people's machines (unless specifically asked by the owner/contract holder). Any hosting or colocation centre which is at least giving the impression of a professional outfit would not dare employ staff who are so stupid as to go sticking their fingers in customers' machines. If they did, those staff would soon be replaced and would probably find it very difficult to work in this industry again - word gets around pretty quickly in this town - if they didn't find themselves in trouble with the law (depending on the local variations of computer access laws). Let's face it; if I was to let myself into one of our datacentres and go exploring, what would I find? A bunch of irrelevant (to me) website files, perhaps some e-commerce applications, maybe even some warez. And lots and lots of meaningless emails, amongst all the spam. I'm not interested. I don't care what's on the machines, I just wanna keep the things running. If they break, I fix them. The data is irrelevant. Colo/host centres are, in the majority of cases, staffed by professionals; I preclude any 'companies' which are run by sixteen-year-olds in the spare room of their parents' house with RaQs teetering on top of filing cabinets in that description. If anyone wants to host somewhere like that, go ahead - YGWYPF :) Unless you pay for a leased line to your own premises where only you have access, then someone else is *always* going to have physical access to your machine. Trust depends on how the outfit you go with portray themselves, I guess. Graeme -- Graeme Fowler System Administrator Host Europe Group PLC _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
