Re: [rdiff-backup-users] Re: offsite service providers?

[Greg Freemyer]

On 3/16/07, Richard Steven Hack <address@hidden> wrote:
> Greg Freemyer wrote:
> > With a Dedicated Server or VPS (virtual private server) I would feel
> > confident enough, but with a truly shared server at a minimum the
> > local admin could access the files.
>
> If your box isn't physically under your control, ANYBODY who DOES have
> physical access can get in.

That is the purpose of a encrypted filesystem.  I have not done any
research recently, but I assume that I could set one up via FUSE.
Then anytime the server / VPS rebooted I would have to login via SSH
and manually do the mount.  For me at least that would be acceptable.

> It's that simple, dedicated server or no. That's a basic security concept.
>
> So the risk isn't any higher than ANY Web hosting situation, in my view.

Again, with normal web hosting I doubt if I have a way to setup an
encrypted FS.  (I may be wrong about that.  I'll do a little more
research now that I think about it more.  ie. Dreamhost provides ssh
access, but no root access.  It is possible that via fuse I can do
this as a normal user, not just as root.

> If you have files detailing your plans to fly planes into a tall
> building, I wouldn't store them there. But if you're willing to let your
> customers credit card numbers be stored there, why not any other files -
> as long as they're legal?
Actually it is not our companies files I'm worried about.  It is our
clients data that I have a stronger requirement to secure.

Specifically we do some work with the US Fed. Gov. and the contracts
call for us to ensure "Business Secrecy".  I'm not sure what that
really means, but I talked internally and we're not comfortable
sending that class of data out of our control unless it is encrypted.

Greg
--
Greg Freemyer
The Norcross Group
Forensics for the 21st Century