The best way to hide data Encryption,Connection,Hardware
Posted
by
Tico Raaphorst
on Server Fault
See other posts from Server Fault
or by Tico Raaphorst
Published on 2013-11-04T15:04:20Z
Indexed on
2013/11/04
15:56 UTC
Read the original article
Hit count: 237
So to say, if i have a VPS which i own now, and i wanted to make the most secure and stable system that i can make. How would i do that?
Just to try:
I installed debian 7 with LVM Encryption via installation: You get the 2 partitions a /boot and a encrypted partition. When booting you will be prompted to fill in the password to unlock the encryption of the encrypted partition, Which then will have more partitions like /home /usr and swapspace which will automatically mount.
Now, i do need to fill in the password over a VNC-SSL connection via the control panel website of the VPS hoster, so they can see my disk encryption password if they wanted to, they have the option if they wanted to look at what i have as data right? Data encryption on VPS , Is it possible to have a 100% secure virtual private server?
So lets say i have my server and it is sitting well locked next to me, with the following examples covered
- bios (you have to replace bios)
- raid (you have to unlock raid-config)
- disk (you have to unlock disk encryption)
- filelike-zip-tar (files are stored in encrypted archives)
- which are in some other crypted file mounted as partition (archives mounted as partitions)
- all on the same system
So it will be slow but it would be extremely difficult to crack the encryption. So to say if you stole the server.
Then i only need to make the connection like ssh safer with single use passwords, block all incoming and outgoing connections but give one "exception" for myself. And maybe one for if i somehow lose my identity for the "exeption"
What other overkill but realistic security options are available, i have heard about SElinux?
© Server Fault or respective owner