2

Apologies in advance if this question is a bit vague.

I just joined a stock trading group. A guy set up a server for me, and it's racked in their building. I ssh into it, and run my algo remotely from my house.

I just started worrying about intellectual property, though. How do I prohibit any kind of access by anyone besides myself given that the server is housed in their building? What's the best I can do? Or at the very least, how do I lock everyone out of one of the specific directories, let's call it /usr/boxfiles/bbox?

The server is Ubuntu, btw. I use Ubuntu on my local PC, but I'm no expert. Would it work to get rid of the source files after I compile and get the executable?

Taylor
  • Get legal protection. Anything you execute on others' property can be snooped at will. Please also check your employment contract - you may not be entitled to any rights to the code you write. – Deer Hunter Jul 18 '13 at 22:16

4 Answers

5

You don't.

If a device is in your physical possession, then you can have unlimited access to it. If it is someone else's physical possession, then they have unlimited access to it.

If you want to protect yourself from them, then don't let them have your server.

tylerl
0

While I agree with @tylerl, strictly speaking, I would suggest making sure they are legally liable in case of theft, interruption or other inconveniences (Service Level Agreement). Also make sure that they alert you when they need to access your machine for whatever reason.

There are also some things you could do, but these are highly dependent on having network access. There are monitoring systems like Nagios and OSSEC which will allow you to monitor a lot of parameters and automatically notify you by email or text message (if you have a built-in GSM module).

Depending on your server hardware, you can detect a lot of hardware-related things: temperature, usage, ... You can also monitor whether a chassis is opened or not. With OSSEC you can also monitor successful logins.

This isn't proof against a targeted attacker, but could give you some insights regardless.

Lucas Kauffman
0

I agree with both @tylerl and @Lucas Kauffman. I will also state that you can take some precautions such as firewall settings, and setting restrictions that will only allow certain IP addresses to connect. In rare paranoid cases you can even change the default SSH port number to another unused port number. This way, since SSH commonly uses port 22, changing it to something else may throw people off, and only those allowed to connect would know the correct port number to use.

PS: you're probably already aware of this, but it's worth mentioning. Never ever ever give your user name and password out to anyone. If you need multiple users on a server, create a separate user account. If users need root access, assign them sudo privileges.
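The successful-login monitoring and source-address restriction suggested in the answers above can be combined into one check over the server's authentication log. This is an added example, not part of any answer; the allowlisted network, user name and log lines are constructed assumptions, and it only sees logins that are actually logged.

```python
import ipaddress
import re

# Assumed allowlists: the network you normally connect from, and your account.
ALLOWED_NETS = [ipaddress.ip_network("203.0.113.0/24")]
ALLOWED_USERS = {"taylor"}

# sshd success line: "Accepted <method> for <user> from <ip> port <n> ssh2"
SSH_OK = re.compile(r"sshd\[\d+\]: Accepted (\S+) for (\S+) from (\S+) port \d+")
# Console (keyboard/KVM) login recorded by PAM for the "login" service
CONSOLE = re.compile(r"pam_unix\(login:session\): session opened for user (\S+)")

# Constructed sample lines in the Ubuntu /var/log/auth.log format.
SAMPLE_LOG = """\
Jul 18 09:01:12 box sshd[2211]: Accepted publickey for taylor from 203.0.113.7 port 50022 ssh2
Jul 18 09:05:40 box sshd[2290]: Failed password for root from 198.51.100.9 port 41811 ssh2
Jul 18 13:44:03 box sshd[3012]: Accepted password for taylor from 198.51.100.23 port 40110 ssh2
Jul 18 21:30:55 box login[3377]: pam_unix(login:session): session opened for user root by LOGIN(uid=0)
Jul 19 02:10:09 box sshd[4120]: Accepted publickey for ops from 203.0.113.50 port 50900 ssh2
"""

def unexpected_logins(log_text):
    """Return (reason, line) pairs for successful logins outside the allowlists."""
    alerts = []
    for line in log_text.splitlines():
        m = SSH_OK.search(line)
        if m:
            _method, user, src = m.groups()
            try:
                addr = ipaddress.ip_address(src)
            except ValueError:
                alerts.append(("unparseable source address", line))
                continue
            if not any(addr in net for net in ALLOWED_NETS):
                alerts.append(("ssh login from unlisted address", line))
            elif user not in ALLOWED_USERS:
                alerts.append(("ssh login by unexpected user", line))
            continue
        if CONSOLE.search(line):
            # Nobody should be at the console of a remotely managed box.
            alerts.append(("local console login", line))
    return alerts

if __name__ == "__main__":
    for reason, line in unexpected_logins(SAMPLE_LOG):
        print(f"{reason}: {line}")
```

Shipping the log to a machine you control before checking it keeps the record out of reach of someone who later gains root on the server.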

0

In addition to what others wrote, and while noting that you claim to be "no expert", do you need to have an external server or could you run locally (or at least not on their kit)? If the server you're using is for order execution, has feeds to a broker or the exchange itself, and if order execution timing is critical, then it could make sense. However, if you are simply back testing, you could run your models on a local machine provided that you have a pricing feed and a collection of historical data.

If you do need to be on their server, keep the source code off if you can, and consider some mechanism that would prevent others from trivially running the code without some form of challenge. Also don't have log files lying around with any useful clues to your models.

Nick
  • Instead of keeping it in the group's building, I'm going to colocate it at the broker's data center now. I do backtest locally (in R), but the trading system that's written with their SDK (C) won't run unless the server is at the broker's place (just found this out). And yes, there are parameters that need to change every day since I've hardcoded them in, and getting them requires running some scripts I have on my local machine. – Taylor Jul 20 '13 at 13:43