Linux on web Server and paranoid security after encryption of hard disk
Posted by hostyourdream, 03-10-2014, 03:56 PM |
Hello
I am wondering: if I install a Linux distribution on a web server using full disk encryption, what other things can I do to protect it?
I mean, when someone at the datacenter tries to connect a keyboard, mouse and monitor and tries to view and copy my server files, as it will not ask for any password that way?
I know this is crazy, but I am wondering about some extra security tips so that even if someone has physical access, it is hard to get into my files.
Thank you
|
Posted by dr carter, 03-11-2014, 07:33 PM |
Full disk encryption won't likely protect your server from the datacenter itself, or anyone else who can get physical access to the server.
Your issue is that while the disk itself is encrypted, this only helps you if the server is off.
If your server is on (and functioning), your server itself will be able to decrypt the disk, allowing anyone with a working server password to still log in.
If you are asking about the server being seized by some government agency, encrypting the disk does not help you either. When they go to the datacenter to seize your server, it will be on already if you are using it. They could then dump the contents of your RAM, which would include the decryption key for your disk.
|
Posted by actsupport, 03-12-2014, 01:13 AM |
If your only concern is to prevent unauthorized access to the system, then you can have GRUB-level password protection (using grub-md5-crypt) along with drive encryption, as you have mentioned.
In GRUB-level password encryption, you will require a password to enter rescue mode itself.
|
Posted by JakeMS, 03-12-2014, 10:35 AM |
Grub "Password Protection" is a false sense of security.
Why? Simple: anyone can boot a disc/USB stick with GRUB on it, and configure it to boot your server, thus completely bypassing the GRUB password.
However, if your HDD is (fully) encrypted (and doesn't auto-unlock to boot), they cannot get to run level 1, or even any run level, without prior access to the password.
Although, if the NSA get the server, don't worry, they already have your password in their data collection logs :-P.
|
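Whether an encrypted volume "auto unlocks to boot", as the post above puts it, can be read from `/etc/crypttab`. The following is an added example, not part of the original thread: it assumes the standard crypttab layout (name, device, key file, options), and the sample entries, device names and key paths are constructed.

```shell
#!/bin/sh
# Classify crypttab entries by how the volume is unlocked at boot.
# Fields: <name> <device> <keyfile> <options>; a keyfile of "none" or "-"
# means a passphrase must be typed on the console.

audit_crypttab() {
    # $1: crypttab-format file; reads stdin when omitted
    awk '
        /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
        {
            key  = (NF >= 3) ? $3 : "none"
            opts = (NF >= 4) ? $4 : ""
            if (opts ~ /(^|,)keyscript=/)
                verdict = "REVIEW a keyscript supplies the key"
            else if (key == "none" || key == "-")
                verdict = "PROMPT passphrase required at boot"
            else
                verdict = "AUTO key read from " key
            print $1 ": " verdict
        }
    ' "${1:--}"
}

# Number of volumes that unlock from a stored key with nobody at the console.
count_auto_unlock() {
    audit_crypttab "${1:--}" | grep -c ': AUTO ' || true
}

# Constructed sample input (hypothetical names, devices and paths).
audit_crypttab <<'EOF'
# <name>      <device>                                   <keyfile>          <options>
root_crypt    UUID=00000000-0000-0000-0000-000000000000  none               luks
data_crypt    /dev/sdb1                                  /etc/keys/data.key luks
backup_crypt  /dev/sdc1                                  none               luks,keyscript=/usr/local/sbin/getkey
EOF
```

On a real host, run `audit_crypttab /etc/crypttab`; an `AUTO` entry whose key file sits on an unencrypted partition gives no protection against someone with physical access to the powered-off disks.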
Posted by hostyourdream, 03-12-2014, 01:50 PM |
OK, I will wait for more opinions.
Is it possible and good to disable any PS/2 and USB ports and CD/DVD drives on the server?
|