Good Morning!
The cloud is completely anonymous, that makes the feeling to do something (as a provider) much lower in my opinion. Knowing someone, even the face, is much better. Since I know this point I did not call it "physical security" but "security through obscurity" on purpose. Since such a plug PC makes extraction of data a bit more complex - possible always - I gain time. Time when the box is offline to revoke my keys ;) I do have to trust the people I will be hosting it with, there is a reason I do it in switzerland. (Yes, I belive after beeing the nation of money we will be the *data bankers* soon) @Stanislav: Interesting flag with SSH -A - I will have to read there futher, is this something like PFS with IPSEC? never heard about that flag. I think we are creating a topic for next swinog here. "Networking for Mobile workers (Mosh) with paranoia" Am 02.06.2012 08:57, schrieb Viktor Steinmann: > Interesting topic, especially looking at the current cloud trends. > We've been discussing this internally and came to the conclusion, that > as long as someone has physical access to a server, he will always be > capable of reading the data on that server with more or less effort. > > Even using a high level of physical security to ensure, nobody has > physical access to the box can be broken with enough time and effort, > especially from the people housing the box. > > In the end, all you need is trust. If you trust the people housing > your box and if you trust their ability to keep the bad guys > physically away, everything is fine. If you can't trust them you are > lost in any case. > > Kind regards, > Viktor > > Am 02.06.2012 01:05, schrieb Stanislav Sinyagin: >> security by obscurity? >> you know, with a JTAG adapter and a bit of knowledge, one can read >> the onboard flash from those plugs too. >> so, probably a better approach is to have a system which doesn't >> expose your data when the disk is compromised. The simplest example >> is SSH with public key authentication and authentication forwarding >> (-A flag). >> > > > > _______________________________________________ > swinog mailing list > [email protected] > http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
_______________________________________________ swinog mailing list [email protected] http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
