It really depends on the virtualisation technology that is being used - as far as I know, if it's a paravirt it won't have the BIOS, but hypervisors will (the ones I have had a play around with, such as Xen/Hyper-V/ESX). VMware (ESX at least, probably Workstation too), for example, appears to run PhoenixBIOS, which you can even modify to suit your needs with a bit of hackery. Generally speaking, the lower end of the VPS cost scale won't have the BIOS due to being paravirtualised.

I had a brief look at the link provided in the first email - it doesn't really mention anything about encryption or the like, which I would say is a larger issue than a BIOS password. Especially in a virtual environment, the BIOS password may only stop the VM from booting without it (it may very well be possible to reset the password from the hypervisor, never looked into it) but not a lot else.

The question is: what does the OP want to prevent, and to what lengths will they go to achieve it? Provided you have administrative access to the server running the virtualisation software, it is as good as, if not better than, physically being in front of it - the BIOS password may stop a VM booting, but what's stopping the administrator mounting the disk on another VM or, if it's something like VZ, just browsing the files directly from the parent (not to mention there is more than likely a way to reset the BIOS password if it is enabled in a VM)?

The same thing applies to physical servers - you can set a BIOS password, but that alone will not prevent someone with unfettered access to the server from, say, plugging the disks in somewhere else (sure, it will cause an outage and alert etc. etc.).

If the main concern is an administrative user taking the files, consider:

* Not using paravirts - some security risks outlined above and in previous email. Files can generally be modified online from the parent container (eg. root passwords changed without reboot).
* Set up an encrypted file system for important data - if the server is rebooted to gain root access the file system will no longer be mounted. Appropriate monitoring should be in place to catch events like these (see next point).
* Offsite logging/system integrity monitoring - if someone does get root access and something (eg. system binaries) is replaced or modified you want to know about it. Things like ossec can accomplish this easily.
* Protect single user mode by enabling authentication

At the end of the day you can protect your (virtual) server as much as you want - if someone has physical access (or administrative privileges to the host running the VPS) I would say encrypting the files in a secure manner is the best bet. Just don't let convenience get the better of you, eg. mounting an encrypted file system automatically on boot without user action (storing the keys locally on disk - just pointless unless they are protected in some manner). With that being said, there may be a secure way to do that but I can't think of it/don't know of one.

That's just a few things I can think of straight away, but without knowing a few more details on what the OP wants and on what technology, I can only give broad pointers like that.

sht

On 6/03/2012 8:26 PM, Fernando Mercês wrote:
> Commonly in a VPS environment you have access only inside the VM. I can't see any way to access BIOS.
>
> Regards,
>
> Fernando Mercês
> Linux Registered User #432779
> www.mentebinaria.com.br <http://www.mentebinaria.com.br>
> ------------------------------------
> "No one can be a slave to their identity; when a possibility of change arises, one must change". (Elliot Gould)
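
The caveat in the message above about mounting an encrypted file system automatically at boot with the key stored on local disk can be checked mechanically. The following is an added example, not part of the original email: it reads `/etc/crypttab`-style entries and flags volumes that are unlocked at boot from a key file. The sample entries, device names and key paths are constructed, and the verdict labels are this example's own.

```python
# Added example: audit crypttab entries for keys stored on local disk.
PROMPTED = {"none", "-"}                      # passphrase typed in at unlock
EPHEMERAL = {"/dev/urandom", "/dev/random"}   # random per-boot key (e.g. swap)

# Constructed sample; targets, devices and key paths are made up.
SAMPLE = """\
# <target> <source device> <key file> <options>
secure_data UUID=00000000-0000-0000-0000-000000000001 none luks
swap_crypt  /dev/sda2 /dev/urandom swap,cipher=aes-xts-plain64
backup      /dev/sdb1 /root/keys/backup.key luks
archive     /dev/sdc1 /root/keys/archive.key luks,noauto
"""

def audit_crypttab(text):
    """Return (target, verdict, detail) for every entry in crypttab text."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 2:
            findings.append((fields[0], "malformed", "missing source device"))
            continue
        target = fields[0]
        # Key file and options are optional fields; absent key means prompt.
        key = fields[2] if len(fields) > 2 else "none"
        opts = set(fields[3].split(",")) if len(fields) > 3 else set()
        if any(o.startswith("keyscript=") for o in opts):
            verdict, detail = "review", "key comes from a keyscript"
        elif key in PROMPTED:
            verdict, detail = "ok", "passphrase required at unlock"
        elif key in EPHEMERAL:
            verdict, detail = "ok", "random key, contents lost on reboot"
        elif "noauto" in opts:
            verdict, detail = "review", f"key file {key} on disk, not unlocked at boot"
        else:
            verdict, detail = "risky", f"unlocked at boot from key file {key}"
        findings.append((target, verdict, detail))
    return findings

if __name__ == "__main__":
    for target, verdict, detail in audit_crypttab(SAMPLE):
        print(f"{verdict:7} {target:12} {detail}")
```

To audit a real host, pass the contents of `/etc/crypttab` to `audit_crypttab()` instead of `SAMPLE`.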

