Encrypted VM's (was Re: OT: Cloud Computing is coming to ...)
Genes MailLists
lists at sapience.com
Wed Jul 21 00:21:56 UTC 2010
On 07/20/2010 03:11 PM, Michael Semcheski wrote:
> On Tue, Jul 20, 2010 at 2:27 PM, <J.Witvliet at mindef.nl> wrote:
>> Just in general, what's the point in having server-disks (either local or "in-the-cloud") encrypted?
>> As soon as you start them up, all will be de-crypted and your system is only protected by normal security measures.
>>
>> Only useful purpose might be to give each user their own encrypted backup-storage.
>> Something like a remote-tape-device...
>
> Well, you don't have to store the encryption key with the server.
> That means you might have to provide the key when the server boots up,
> and obviously that could be problematic (especially in a remote
> location.) But it would supplement the physical security of the
> server, and prevent someone with unauthorized access from booting with
> a live CD and copying data out, or just stealing the server to get to
> the data.
>
> But generally I agree with your point.
What may make a lot more sense - is a VM with only /home encrypted -
when user gains access - one could also bind mount /tmp from /home/tmp
and /var/tmp out of /home/var/tmp ...
Be nice to switch swap to encrypted too at that point.
This way - the VM can be booted no prob with unencrypted root - but user
of VM gets privacy.
I would think this would be highly desirable.
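
Added example, not part of the original message: a shell script for the layout described above, with /home on an encrypted volume unlocked after boot, /tmp and /var/tmp bind-mounted from it, and swap re-keyed with a random key. The device paths /dev/vdb1 and /dev/vdb2 and the mapping names home_crypt and swap_crypt are assumptions; the script only prints its commands unless DRY_RUN=0 is set.

```shell
#!/bin/sh
# Added example. Device paths and mapping names below are assumptions.
HOME_DEV="${HOME_DEV:-/dev/vdb1}"   # assumed: LUKS-formatted volume holding /home
SWAP_DEV="${SWAP_DEV:-/dev/vdb2}"   # assumed: the VM's existing swap partition
DRY_RUN="${DRY_RUN:-1}"             # 1 = print the plan only, 0 = execute (needs root)

# Print a command, and execute it only when DRY_RUN=0.
run() {
    echo "+ $*"
    [ "$DRY_RUN" = 1 ] || "$@"
}

# The VM boots from its unencrypted root; /home is unlocked afterwards.
# cryptsetup prompts for the passphrase, so no key is stored with the VM.
unlock_home() {
    run cryptsetup open "$HOME_DEV" home_crypt &&
    run mount /dev/mapper/home_crypt /home
}

# Move temporary files onto the encrypted volume.
# Mode 1777 (sticky, world-writable) matches a normal /tmp.
bind_tmp_dirs() {
    run install -d -m 1777 /home/tmp /home/var/tmp &&
    run mount --bind /home/tmp /tmp &&
    run mount --bind /home/var/tmp /var/tmp
}

# Switch swap to a plain dm-crypt mapping keyed from /dev/urandom.
# The key exists only in memory, so swap contents are unreadable after shutdown.
encrypt_swap() {
    run swapoff "$SWAP_DEV" &&
    run cryptsetup open --type plain --cipher aes-xts-plain64 --key-size 256 \
        --key-file /dev/urandom "$SWAP_DEV" swap_crypt &&
    run mkswap /dev/mapper/swap_crypt &&
    run swapon /dev/mapper/swap_crypt
}

privacy_up() {
    unlock_home && bind_tmp_dirs && encrypt_swap
}

privacy_up
```

Files already sitting in the root filesystem's /tmp and /var/tmp are hidden by the bind mounts, not removed, and remain unencrypted on the root disk.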