Hello,

With the spread of cheap VPS cloud services lately, I wonder what protection OpenVPN offers ... well, against the server administrators.

https://www.digitalocean.com/community/tutorials/how-to-secure-traffic-between-vps-using-openvpn

It's obvious that no virtualization technology, whether it is OpenVZ, KVM, VMware or VirtualBox, offers security against those who have full control of the host machine. Some of these virtualization technologies are deemed to be *more secure* in comparisons, like KVM over OpenVZ, but the bottom line is that a server's administrator can make a snapshot of the VPS (droplet) at any time and have access to all the files and the VM's memory. There isn't much point in encrypting the droplet's filesystem when the key can easily be dumped out of memory.

But to get to the point: if I set up OpenVPN on my droplet and, let's say, an evil admin sniffs my traffic for 3 months with tcpdump and then decides to decrypt that traffic, what tools does he have (if any) to do this? At this point he has a pcap file and the OpenVPN server certificates and keys. I only refer to the encrypted traffic between the droplet and my computer. Obviously, if I use this droplet to route all my traffic through it, then he can sniff all the outgoing unencrypted traffic to the internet.

The reason why I ask this is because IPsec provides Perfect Forward Secrecy, which, if it's turned on, would make it impossible to decrypt that sniffed traffic later, even if the attacker has all the keys.

Thanks
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
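Whether recorded tunnel traffic stays protected once long-term keys leak depends on how the session keys are negotiated. As an added example (not part of the original post and not OpenVPN project code), this sketch audits an OpenVPN config for settings that weaken forward secrecy; the sample configs are constructed, and matching `DHE` in `tls-cipher` names is a heuristic assumption.

```python
import re

# Constructed sample configs (not taken from the post).
STATIC_KEY_CONF = """\
dev tun
secret static.key   # pre-shared key mode
"""
TLS_CONF = """\
dev tun
tls-server
dh dh2048.pem
tls-cipher TLS-DHE-RSA-WITH-AES-256-CBC-SHA:TLS-RSA-WITH-AES-256-CBC-SHA
reneg-sec 0
"""

def parse_directives(text):
    """Map each directive to its argument list, dropping # and ; comments."""
    directives = {}
    for line in text.splitlines():
        line = re.split(r"[#;]", line, maxsplit=1)[0].strip()
        if line:
            name, *args = line.split()
            directives[name] = args
    return directives

def audit_forward_secrecy(text):
    """Return findings about settings that weaken forward secrecy."""
    d = parse_directives(text)
    findings = []
    # 'client' and 'server' are helper directives that imply TLS mode.
    tls_mode = any(k in d for k in ("tls-server", "tls-client", "client", "server"))
    if "secret" in d and not tls_mode:
        findings.append("static-key mode: one long-term key encrypts all "
                        "traffic, no forward secrecy")
    if tls_mode:
        suites = (d.get("tls-cipher") or [""])[0].split(":")
        # Heuristic: only DHE/ECDHE suites use an ephemeral key exchange.
        weak = [s for s in suites if s and "DHE" not in s.upper()]
        if weak:
            findings.append("tls-cipher allows non-(EC)DHE key exchange: "
                            + ", ".join(weak))
        if d.get("reneg-sec") == ["0"]:
            findings.append("reneg-sec 0: data-channel keys are never "
                            "renegotiated by time")
    return findings

if __name__ == "__main__":
    for name, conf in (("static", STATIC_KEY_CONF), ("tls", TLS_CONF)):
        print(name, audit_forward_secrecy(conf))
```

A config in TLS mode with no `tls-cipher` line produces no finding here, because the negotiated suite then depends on the TLS library defaults of both peers.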