The cloud is completely anonymous; that makes the feeling to do
something (as a provider) much lower in my opinion. Knowing someone,
even the face, is much better. Since I know this point I did not call it
"physical security" but "security through obscurity" on purpose. Since
such a plug PC makes extraction of data a bit more complex - possible
always - I gain time. Time when the box is offline to revoke my keys ;)
I do have to trust the people I will be hosting it with, there is a
reason I do it in Switzerland. (Yes, I believe after being the nation of
money we will be the *data bankers* soon)
@Stanislav: Interesting flag with SSH -A - I will have to read there
further. Is this something like PFS with IPSEC? Never heard about that flag.
I think we are creating a topic for next swinog here. "Networking for
Mobile workers (Mosh) with paranoia"
On 02.06.2012 08:57, Viktor Steinmann wrote:
> Interesting topic, especially looking at the current cloud trends.
> We've been discussing this internally and came to the conclusion that
> as long as someone has physical access to a server, he will always be
> capable of reading the data on that server with more or less effort.
> Even using a high level of physical security to ensure nobody has
> physical access to the box can be broken with enough time and effort,
> especially from the people housing the box.
> In the end, all you need is trust. If you trust the people housing
> your box and if you trust their ability to keep the bad guys
> physically away, everything is fine. If you can't trust them you are
> lost in any case.
> Kind regards,
> On 02.06.2012 01:05, Stanislav Sinyagin wrote:
>> security by obscurity?
>> you know, with a JTAG adapter and a bit of knowledge, one can read
>> the onboard flash from those plugs too.
>> so, probably a better approach is to have a system which doesn't
>> expose your data when the disk is compromised. The simplest example
>> is SSH with public key authentication and authentication forwarding
>> (-A flag).