Secure CentOS 7 Server
-
A proper security bod might be able to suggest various options, but once an attacker has unlimited physical access to the server, you have had it.
-
@handsofqwerty said:
The OP made me chuckle...
And you still wonder why people don't like your comments.....?
-
@Aaron-Studer said:
@handsofqwerty said:
The OP made me chuckle...
And you still wonder why people don't like your comments.....?
If you think you can hide stuff from the NSA, as @Breffni-Potter said, good freaking luck. They were spying on every American and we had no idea until a consultant leaked the info. You think they can't get at your data if you encrypt your HDD, change the root password, and setup keys? Seriously?
-
Besides, I know you said you were doing it just for fun, but did you never consider that a post like this will red flag some places? If you're trying to figure out how to beat the NSA, ummm, you're going to lose that fight my friend.
-
@handsofqwerty - We all know that even visiting a website about the topic of Encryption will add you to a watch list.
I'm sure @Aaron-Studer knows this.The day we stop asking questions for fear of the man, is the day Big Brother has taken complete power.
-
AJ - I thought by changing your username that you were turning over a new leaf. Guess not.
-
@Breffni-Potter said:
@handsofqwerty - We all know that even visiting a website about the topic of Encryption will add you to a watch list.
I'm sure @Aaron-Studer knows this.The day we stop asking questions for fear of the man, is the day Big Brother has taken complete power.
No I know. I'm not saying we should fear it or not question it. I'm just saying that thinking we can beat them at this point seems kind of silly.
-
@Aaron-Studer said:
AJ - I thought by changing your username that you were turning over a new leaf. Guess not.
I have. I just don't see the whole purpose of the post. If it's for fun, why are you hosting it? Do something like this on your own hardware.
-
@handsofqwerty You my friend have no room to talk about pointless posts....
-
@Aaron-Studer said:
@handsofqwerty You my friend have no room to talk about pointless posts.........
Please stop turning this into an argument. I'm leaving this thread because nothing good will happen if I stay.
-
And this thread locks in...... 3..... 2..... 1.....
-
EDIT: ^ argument breaker -
Sounds like a bit of fun. Let us know when if you decide to go ahead... or not if you want to be super secret
-
We have a guideline for a secured host, be it Windows or Linux. On our stuff we deploy our images, we have processes for others. We don't have one for CentOS 7, mostly because we are not deploying it yet.
-
No shame whatsoever in wanting privacy. Privacy is a basic right. No citizen of their own country deserves to be spied on. In the last 15 years Americans and Europeans have decided to give up freedom for security. That is always a loss in my book. Especially when the so called "security" has done nothing to stop any type of attack. The odds of dying from any type of terror is less than being attacked by a shark.
-
@IRJ
But how do we prove it when everything is wrapped up in secrecy?How do we know that a major landmark was saved by security, or 100s of people did not train due to a bombing on a train, we just don't know.
-
@Breffni-Potter I dislike secrecy -- especially in the government... If the government is going to do something, at least be bold enough to tell the public about it... Even if it is after the fact. Otherwise it comes out as a "leak" around election time and detracts from the real issues that the American public is facing.
-
@Aaron-Studer said:
My first thought was about securing the root login so that Digital Ocean could not login to my server. With a public SSH key, that seems pretty easy to do, but you have to remember that Digital Ocean has console so in theory could still get in.
None of that protects against the host getting in at all. Remember, if they are going to break the law and hack your system, they will START by taking an image of your system and transporting it somewhere that you can't see. Then they have unlimited time to pull the filesystem apart. Honestly, this would be so simple that they would never even realize that you had passwords or keys. They'd have all of your data so easily that none of that would even slow them down.
Only disk or data encryption, which also prevents your system from booting on its own, will keep them from being able to see everything, anytime they decide to do so.
Remember the first rule of technology security - you have to trust your administrators. In this case DO is your admin. They have access.
-
@dafyre said:
@Breffni-Potter I dislike secrecy -- especially in the government... If the government is going to do something, at least be bold enough to tell the public about it... Even if it is after the fact. Otherwise it comes out as a "leak" around election time and detracts from the real issues that the American public is facing.
It's because the government thinks that they can claim security by obscurity and, for the most part, they are correct. Normal people confuse obscurity for security.
-
@Aaron-Studer said:
Also, I could host it outside the USA? Would this help?
If the goal is to keep things away from the NSA, you can host completely outside of the US with a company that has no US ties in a country that will not turn anything over to the US. Best candidates are China and Iran. But that only stops them handing you over, doesn't stop the NSA from attacking you.
