[lug] Suggested Colo's in Boulder, managed hosting?
Peter Hutnick
peter-lists at hutnick.com
Mon Mar 3 19:54:10 MST 2003
Bear Giles said:
> Zan Lynx wrote:
>> On Mon, 2003-03-03 at 17:00, Bear Giles wrote:
>>
>>>Besides that issue, some servers contain sensitive information
>>>that simply can't be trusted to third-parties. The crypto keys on my
>>> CA project, for instance.
> >
>> One reboot, a rescue disk and a kernel module later, and you don't own
>> your system anymore.
>
> You need to take a break from reading Slashdot. :-) Rackmount
> hardware is not the same thing as desktop PCs, and even the
> cheapest colocation facility has the racks under 24/7 video
> survelliance.
Zan is 100% correct. The original point was about trusting the /admins/
at a co-lo. It might be marginally harder for an admin to explain what he
is doing to a box if it is un-managed, but that's about the only
difference in terms of security.
In all seriousness, grabbing the private key off a webserver you have
physical (but no login) access to is a 5 minute job. Unless there is a
BIOS password, then it is a 10 minute job if you do you homework in
advance.
I'll grant you a generous additional 15 seconds if the rack is locked.
OTOH, I'd personally trust any reputable co-lo to this degree.
-Peter
More information about the LUG
mailing list