Dedicated server security: 2 part question

Ye' old general discussion board. Basically, for everything that isn't covered elsewhere. Come here to shoot the breeze, shoot your mouth off, or whatever suits your fancy.
This forum is not for asking programming related questions.

Moderator: General Moderators

Post Reply
alex.barylski
DevNet Evangelist
Posts: 6267
Joined: Tue Dec 21, 2004 5:00 pm
Location: Winnipeg

Dedicated server security: 2 part question

Post by alex.barylski »

Self-managed dedicated server security:

1) How secure are they in regards to anyone gaining access to the file system? Assume I have some sensitive files which *must* be kept that way. Would the server tech/admin's be able to get file contents? Not likely going to happen (I realize that) but could it? Once I install and setup as super admin thats it right? No one else could login except accounts I've created?

I'm thinking physically removing the hard drive and opening it with some low level tool could reveal the same files - again not likely but again it's possible?

2) What measures could I take in order to ensure this couldn't happen - even less likely :)

Is there an encrypted file system which would prevent such sneaky behavior? I cannot encrypt the files directly. :(

Edit: To sort of answer my second question - http://www.linux.com/howtos/Cryptoloop- ... stem.shtml

Cheers :)
User avatar
Chris Corbyn
Breakbeat Nuttzer
Posts: 13098
Joined: Wed Mar 24, 2004 7:57 am
Location: Melbourne, Australia

Post by Chris Corbyn »

You can encrypt any filesystem with linux if you build support into the kernel for it. I think the answers to your other questions are too obvious to answer really.
alex.barylski
DevNet Evangelist
Posts: 6267
Joined: Tue Dec 21, 2004 5:00 pm
Location: Winnipeg

Post by alex.barylski »

Hmmm...

So what I have assumed is correct then? With an encrypted file system my sensitive files are secure? Short of brute force attacks on cracking the password, are the files SAFE from outside intrusion without first logging in?

I'm not sure I see how that works. The files are encrypted until they are read or accessed and which point they are decrypted and used? I assume cached in RAM on frequently requested files - like say PHP scripts?
User avatar
Maugrim_The_Reaper
DevNet Master
Posts: 2704
Joined: Tue Nov 02, 2004 5:43 am
Location: Ireland

Post by Maugrim_The_Reaper »

Hockey you need to find a Linux or Network security book and read it...:).

Setting up an encrypted filesystem can be a complicated procedure depending on what you want. There must however be hundred's of how-tos on the topic. Once encrypted, and booted, the operating system will of course load decrypted files in many cases. Running any process which accesses files (decrypted) for network interactions (e.g. Apache + PHP) does of course mean network access bypasses the physical encryption.

The point here is that an encrypted filesystem is a physical security measure, not a network one. It also loses effectiveness when the server is actually running.

The two easiest setup methods are using a loopback (check Google) or a specialised encrypted filesystem type like CFS or EncFS. Both aren't all that hard to set up - there may however be some patching to existing packages to add support. Both options come with an essential practice - frequent backups. You do not want to find yourself with a lost password or key and encrypted data you may never regain access to!

Now go find a book - you shouldn't try running a dedicated server without a basic understanding of how to secure it from unauthorised remote and physical access. That can turn into a time consuming task especially since vendor's tend to use a default server image which needs some upfront configuration (as well as a firewall, anti-virus and a scan of what unnecessary network process are running - like telnet!).
Post Reply