
    Secure CentOS 7 Server

      A Former User

      I was doing some thinking this morning about how to create a super secure CentOS 7 Server - just for fun, I have no need for something that secure. In my case, I will be using Digital Ocean.

      My first thought was about securing the root login so that Digital Ocean could not log in to my server. With a public SSH key, that seems pretty easy to do, but you have to remember that Digital Ocean has console so in theory could still get in.

      So then I was thinking, what about whole disk encryption? If I encrypt the entire system, then Digital Ocean can't access any of my data. Also if the NSA asked Digital Ocean for the data, they would not have the key, so they would just turn over encrypted data, right?

      Once again, I don't have any need for this right now, just a fun side project. The goal here is to have a hosted server on Digital Ocean that only you can control.

        A Former User

        Also, I could host it outside the USA? Would this help?

          Deleted74295 Banned @A Former User

          @Aaron-Studer said:

          Also, I could host it outside the USA? Would this help?

          In the case of law enforcement, if you are trying to hide from the NSA, good flipping luck. If you host in a majority of countries, I'm pretty sure that if Uncle Sam wants the data, whatever nation's own law enforcement will go after the hosting provider.

          Or they'll send in Sam Fisher to wherever the data lives. 🙂

          Safest data is offline data in a safe. Paper records are impossible to hack.

            Deleted74295 Banned

            Can't provide direct links, but any organisation claiming to offer NSA-proof data hosting is normally closed fairly quickly OR they have been proven to be mole agencies by the Government acting as informants, providing back door access.

              A Former User

              @scottalanmiller and I were talking, and his thought is, if the NSA wants the data, they can get it.

              So, now the question is can we keep DO from having access to the server/data?

                Deleted74295 Banned

                @Aaron-Studer said:

                So, now the question is can we keep DO from having access to the server/data?

                Who/what is DO? 🙂

                  A Former User @Deleted74295

                  @Breffni-Potter said:

                  Who/what is DO? 🙂

                  Digital Ocean

                    Deleted74295 Banned

                    I guess I'd be worried about:

                    Encrypt data on the drives? They can take a copy and eventually break it if they are really keen.
                    Encrypt data in transit? You'd need to worry about a man-in-the-middle attack, especially as they can put physical interceptors at the data centre.
                    Back door server login? You've had it.

                      handsofqwerty

                      The OP made me chuckle...

                        Deleted74295 Banned

                        A proper security bod might be able to suggest various options, but once an attacker has unlimited physical access to the server, you have had it.

                          A Former User @handsofqwerty

                          @handsofqwerty said:

                          The OP made me chuckle...

                          And you still wonder why people don't like your comments.....?

                            handsofqwerty @A Former User

                            @Aaron-Studer said:

                            @handsofqwerty said:

                            The OP made me chuckle...

                            And you still wonder why people don't like your comments.....?

                            If you think you can hide stuff from the NSA, as @Breffni-Potter said, good freaking luck. They were spying on every American and we had no idea until a consultant leaked the info. You think they can't get at your data if you encrypt your HDD, change the root password, and set up keys? Seriously?

                              handsofqwerty

                              Besides, I know you said you were doing it just for fun, but did you never consider that a post like this will red flag some places? If you're trying to figure out how to beat the NSA, ummm, you're going to lose that fight, my friend.

                                Deleted74295 Banned

                                @handsofqwerty - We all know that even visiting a website about the topic of Encryption will add you to a watch list. 🙂 I'm sure @Aaron-Studer knows this.

                                The day we stop asking questions for fear of the man, is the day Big Brother has taken complete power.

                                  A Former User

                                  AJ - I thought by changing your username that you were turning over a new leaf. Guess not.

                                    handsofqwerty @Deleted74295

                                    @Breffni-Potter said:

                                    @handsofqwerty - We all know that even visiting a website about the topic of Encryption will add you to a watch list. 🙂 I'm sure @Aaron-Studer knows this.

                                    The day we stop asking questions for fear of the man, is the day Big Brother has taken complete power.

                                    No I know. I'm not saying we should fear it or not question it. I'm just saying that thinking we can beat them at this point seems kind of silly.

                                      handsofqwerty @A Former User

                                      @Aaron-Studer said:

                                      AJ - I thought by changing your username that you were turning over a new leaf. Guess not.

                                      I have. I just don't see the whole purpose of the post. If it's for fun, why are you hosting it? Do something like this on your own hardware.

                                        A Former User @handsofqwerty

                                        @handsofqwerty You my friend have no room to talk about pointless posts....

                                          handsofqwerty @A Former User

                                          @Aaron-Studer said:

                                          @handsofqwerty You my friend have no room to talk about pointless posts.........

                                          Please stop turning this into an argument. I'm leaving this thread because nothing good will happen if I stay.

                                            A Former User

                                            And this thread locks in...... 3..... 2..... 1.....
