Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 27 Sep 2016 13:49:23 -0500
From:      CyberLeo Kitsana <cyberleo@cyberleo.net>
To:        zhaghzhagh@openmailbox.org, freebsd-geom@freebsd.org
Subject:   Re: GELI on remotely hosted FreeBSD VM
Message-ID:  <429fb95a-27c0-46f7-e7be-faa77e31414c@cyberleo.net>
In-Reply-To: <c1fb16ed32ccb40a0bb86d1af322d6eb@openmailbox.org>
References:  <c1fb16ed32ccb40a0bb86d1af322d6eb@openmailbox.org>

next in thread | previous in thread | raw e-mail | index | archive | help
On 09/27/2016 09:13 AM, zhaghzhagh@openmailbox.org wrote:
> Hello
> 
> Wonder if there is any security implication with GELI based full disk
> encryption and FreeBSD running on Xen based VM?
<snip>
> In general, would like to have a clearer picture about the effectiveness
> of full disk encryption in case of VM hosted at an 'unknown' physical
> location.

Disk encryption only protects against offline attacks, or certain
attacks on remote storage where the key is nowhere near the storage. If
an attacker has access to the host side of a running or paused VM, it is
equivalent to having physical access to a running machine; there is
little you can do to secure a machine against such an attacker.

-- 
Fuzzy love,
-CyberLeo
Technical Administrator
CyberLeo.Net Webhosting
http://www.CyberLeo.Net
<CyberLeo@CyberLeo.Net>

Furry Peace! - http://www.fur.com/peace/



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?429fb95a-27c0-46f7-e7be-faa77e31414c>