Jozsi Vadkan wrote:
I want to put my server in a "server hotel".
But: I don't trust my "server hotel owner".
What can I do?
1)
Even if you encrypt the whole disk and you have a remote console
available (via serial port or KVM switch), you still will have to trust
your provider that he doesn't sniff that traffic.
2)
If you can't detect a reboot of your machine because the attacker has
"cleaned" the logs etc., then anybody with physical access can own the
machine. I'm not aware of any way to prevent this.
(see also "cold boot attack", or simply creating a disk image and doing
a brute force attack against the image)
3)
Your only chance might be to have a card in the machine (e.g. IBM RSA)
that allows remote control. But the traffic to it will have to be
encrypted (-> 1) and it has to detect if it was temporarily removed from
the machine during a physical attack, and even then it needs to report
this back to you. I don't know if there is any card out there that can
provide this level of protection...
If you are really paranoid and the hacker type, then I guess you can
hide a mobile phone inside the case, connect it via USB and have it
constantly report the status (power, light sensor, GPS etc.).
In the end it is as usual a question of cost vs benefit. If your machine
is *that* valuable then you shouldn't put it in an untrusted environment
in the first place.
In your case I guess you should encrypt your data and have the machine
email you if it reboots. Then you can login via SSH and enter the crypto
key and start the "stage 2" applications that need the encrypted data.
You will have to trust your provider that he doesn't do any physical
attacks (e.g. replace OS files).
kind regards,
Robert
