2

I need to host sensitive financial software somewhere. Given that I don't have the resources to host the software locally, I'm oriented toward a VPS or dedicated server.

How can I be sure that the hosting company doesn't steal my SSH password with a man-in-the-middle or 0-day attack?

Is there any solution to guarantee the integrity of your data in a third-party hosted service?

Maybe I can host the machine locally, and buy a public proxy with DDoS protection and network monitoring?

Mascarpone

  • Given the level of your requirements, you really need to bring a trained and experienced SysAdmin/Security consultant in on the project. – Chris S Oct 06 '11 at 15:42
  • Yes, I agree with you. But how can I tell if he's bullshitting me or if he's a real pro? The only way is to educate yourself and ask questions :) – Mascarpone Oct 06 '11 at 15:47
  • @Mascarpone Or get recommendations from others in the industry. Use your business contacts to get recommendations. Ask for referrals from previous customers. Any good consultant will have no problem with this. – MDMarra Oct 06 '11 at 16:05

2 Answers

7

There is no solution to guarantee the security of data physically outside your control.

  • A VPS can be mirrored by your provider.
    They don't need your SSH keys: They can slurp the data right off the image.

  • A physical server can have its disks ripped out and cloned.
    If it's a RAID you wouldn't see downtime, and even if you got an alarm the data's already taken.

  • If you lock the machine up physically it can be taken from the rack.
    Yeah, you'll notice it went away, but the data is gone.

  • Are your backups encrypted?
    Stealing a tape is a favorite way of getting data.
    If you back up over the network can I sniff the traffic and get it all in cleartext?


Having outlined the nightmare scenario, I can make the following recommendations:

  • Worry about the most likely attack vectors.
  • Generate SSH keys before you deploy the server.
  • Check the fingerprint when you connect. Don't connect if it changed.
  • Make sure backups are encrypted BEFORE they leave the machine.
    • Don't store the backup keys on the machine. Preferably keep 'em off the network.
  • Make sure all other connections are encrypted appropriately.
  • Review the PCI standards, especially the PCI-DSS, and make sure you implement the parts that make sense.
voretaq7
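The "generate keys before you deploy, check the fingerprint, don't connect if it changed" advice above, worked through as an added example (not code from the answer or from any real tool): it computes an OpenSSH host-key fingerprint the way `ssh-keygen -lf` prints it, pins it at deploy time, and refuses a connection when the presented key differs. The host name, key comment and the 32 key bytes are constructed dummies, not a real server key.

```python
"""Pin an SSH host-key fingerprint at deploy time; refuse to connect if it changes.

Added example, not part of the original answer. The key material below is
CONSTRUCTED for illustration (32 dummy bytes), not a real Ed25519 key.
"""
import base64
import hashlib
import hmac

KEY_TYPE_PREFIXES = ("ssh-", "ecdsa-", "sk-")


def encode_string(data: bytes) -> bytes:
    """RFC 4251 'string': 4-byte big-endian length followed by the bytes."""
    return len(data).to_bytes(4, "big") + data


def build_pubkey_line(key_type: str, raw_key: bytes, comment: str = "") -> str:
    """Build an OpenSSH public-key line: '<type> <base64 blob> [comment]'."""
    blob = encode_string(key_type.encode()) + encode_string(raw_key)
    return f"{key_type} {base64.b64encode(blob).decode()} {comment}".rstrip()


def fingerprint(pubkey_line: str) -> str:
    """SHA256 fingerprint in the form ssh-keygen -lf shows (base64, no padding).

    Accepts either a .pub line or a known_hosts line ('<host> <type> <blob>').
    """
    fields = pubkey_line.split()
    if len(fields) >= 3 and not fields[0].startswith(KEY_TYPE_PREFIXES):
        fields = fields[1:]  # known_hosts line: drop the leading host field
    if len(fields) < 2:
        raise ValueError("not an OpenSSH public-key line")
    key_type, blob = fields[0], base64.b64decode(fields[1], validate=True)
    n = int.from_bytes(blob[:4], "big")
    if blob[4:4 + n] != key_type.encode():
        raise ValueError("key type inside the blob does not match declared type")
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def pin_at_deploy(host: str, pubkey_line: str) -> dict:
    """Record, before the server goes live, the only host key we will accept."""
    return {"host": host, "fingerprint": fingerprint(pubkey_line)}


def safe_to_connect(pin: dict, presented_pubkey_line: str) -> bool:
    """True only if the key presented now matches the pinned fingerprint."""
    try:
        now = fingerprint(presented_pubkey_line)
    except ValueError:
        return False  # malformed or tampered key: treat as changed
    return hmac.compare_digest(now, pin["fingerprint"])


# Constructed sample keys: the deploy-time key and a substituted one.
DEPLOY_KEY = build_pubkey_line("ssh-ed25519", bytes(range(32)), "root@fin-app")
SWAPPED_KEY = build_pubkey_line("ssh-ed25519", bytes(range(32, 64)), "root@fin-app")
PIN = pin_at_deploy("fin-app.example", DEPLOY_KEY)
```

The same check is what OpenSSH performs when `StrictHostKeyChecking=yes` is set and the deploy-time key has been written to `known_hosts` ahead of the first connection.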
5

If you aren't in direct physical control of a machine, then there's no way that you can ever be 100% sure.

MDMarra

  • Maybe I can host the machine locally, and buy a public proxy? Would that be possible? – Mascarpone Oct 06 '11 at 15:18
  • @Mascarpone All things are possible. You need to think about your architecture and do what makes the most sense. (Two items to think about: Do you have a datacenter with redundant power, cooling and network connections? Do you need that level of reliability?) – voretaq7 Oct 06 '11 at 15:21
  • At this point I'm willing to sacrifice availability for confidentiality and integrity. If I were to host locally, I could require a specific CD-ROM to be inserted in order to allow the admin to operate. This would greatly improve security. But is there anyone willing to sell me a proxy with DDoS protection and 24/7 network monitoring? What is that called? – Mascarpone Oct 06 '11 at 15:25
  • @Mascarpone It sounds like you're way way way in over your head with some of your suggestions. If security is that important, you should hire a reputable consultant that's implemented similar solutions in your field. It will be money well spent. – MDMarra Oct 06 '11 at 15:29
  • And that is absolutely true. I'm just trying to educate myself so I can make better choices. A sysadmin will be hired, but first things first: an estimated budget plan is needed to justify the expense. – Mascarpone Oct 06 '11 at 15:31
  • @Mascarpone The problem is you can't guess at a budget - you need the experience to know, at least in broad terms, what the solution will look like. I suggest looking at managed hosting companies in your area and scheduling a sit-down to discuss what you're doing and the business-level requirements. They will then be able to give you technical requirements and solutions. (Yes, they will probably charge you for this.) – voretaq7 Oct 06 '11 at 17:30